PT-2017-10887 · Php · Simplexml

Onesourcecat

Published

2017-11-17

Updated

2025-09-12

CVE-2017-1000190

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions SimpleXML version 2.7.1

Description The issue allows for an XXE vulnerability, which can result in SSRF, information disclosure, and denial of service (DoS) attacks.

Recommendations For SimpleXML version 2.7.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-1000190

GHSA-F5QF-VH69-9Q4R

Affected Products

Simplexml

PT-2017-10887 · Php · Simplexml

CVE-2017-1000190

Weakness Enumeration

Related Identifiers

Affected Products

References · 18