Unrated severityNVD Advisory· Published Mar 30, 2018· Updated Aug 5, 2024

CVE-2017-16614

Description

SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter.

Affected products

Tp Shop/Tpshopinferred2 versions
>=2.0.5,<=2.0.6+ 1 more
- (no CPE)range: >=2.0.5,<=2.0.6
- (no CPE)range: 2.0.5, 2.0.6

Patches

Vulnerability mechanics

References

seclists.org/fulldisclosure/2018/Mar/77mitremailing-listx_refsource_FULLDISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000