What is CVE-2017-14537?

CVE-2017-14537 is a vulnerability in N/a. Published 2018-02-16.

Is CVE-2017-14537 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2017-14537

trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

EPSS: 0.855 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
Hacker5preme/Exploits
merlinepedra/nuclei-templates
merlinepedra25/nuclei-templates
sobinge/nuclei-templates

References

103007 (vdb-entry, x_refsource_BID)
secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulne… (x_refsource_MISC)
packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html (x_refsource_MISC)
github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit (x_refsource_MISC)

Frequently asked questions

What is CVE-2017-14537?: CVE-2017-14537 is a vulnerability in N/a. Published 2018-02-16.
Is CVE-2017-14537 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.