PT-2017-18122 · Modified Ecommerce · Modified Ecommerce Shopsoftware
Published: 2017-04-25 · Updated: 2020-07-07 · CVE-2017-8110
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
modified eCommerce Shopsoftware version 2.0.2.2 rev 10690
Description
An XXE (XML External Entity) vulnerability exists in the "api/it-recht-kanzlei/api-it-recht-kanzlei.php" API endpoint.
Recommendations
For version 2.0.2.2 rev 10690, as a temporary workaround, consider restricting access to the "api/it-recht-kanzlei/api-it-recht-kanzlei.php" API endpoint until a patch is available.
Fix
XXE
Affected Products
Modified Ecommerce Shopsoftware