CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9413

Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html
https://www.exploit-db.com/exploits/42118/
http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html
https://www.exploit-db.com/exploits/42118/

Products affected by CVE-2017-9413

Subsonic » Subsonic » Version: 6.1.1

cpe:2.3:a:subsonic:subsonic:6.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9413

Products

Pricing

Contact Us