PT-2018-9436 · Loboevolution · Loboevolution
Prodigysml
·
Publicado
2018-06-26
·
Atualizado
2018-08-20
·
CVE-2018-1000540
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LoboEvolution versions prior to 9b75694cedfa4825d4a2330abf2719d470c654cd
Description
The issue is related to a XML External Entity (XXE) vulnerability in XML Parsing. This can be exploited by viewing a specially crafted XML file in the browser, potentially leading to disclosure of confidential data, denial of service, or server-side request forgery.
Recommendations
For versions prior to 9b75694cedfa4825d4a2330abf2719d470c654cd, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the viewing of XML files in the browser to minimize the risk of exploitation.
Exploit
Correção
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Loboevolution