PT-2018-15307 · Weechat · Weixin-Java-Tools

Published

2018-12-21

Updated

2025-09-12

CVE-2018-20318

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions weixin-java-tools version 3.2.0

Description An issue was discovered in the getXmlDoc method of the BaseWxPayResult.java file, which contains an XXE vulnerability.

Recommendations For weixin-java-tools version 3.2.0, consider disabling the getXmlDoc method in the BaseWxPayResult.java file as a temporary workaround until a patch is available.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-20318

Affected Products

Weixin-Java-Tools

PT-2018-15307 · Weechat · Weixin-Java-Tools

CVE-2018-20318

Weakness Enumeration

Related Identifiers

Affected Products

References · 4