Critical severity9.8NVD Advisory· Published Apr 10, 2018· Updated Jun 17, 2026

CVE-2017-14323

Description

SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter.

Affected products

Onethink/Onethinkinferred2 versions
>=1.0,<=1.1+ 1 more
- (no CPE)range: >=1.0,<=1.1
- (no CPE)range: V1.0, V1.1

Patches

Vulnerability mechanics

References

seclists.org/fulldisclosure/2018/Apr/16nvdExploitMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000