PT-2018-9436 · Loboevolution · Loboevolution

Prodigysml · Published 2018-06-26 · Updated 2018-08-20 · CVE-2018-1000540

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LoboEvolution versions prior to 9b75694cedfa4825d4a2330abf2719d470c654cd

Description

The issue is an XML External Entity (XXE) vulnerability in XML parsing. It can be exploited by viewing a specially crafted XML file in the browser, potentially leading to disclosure of confidential data, denial of service, or server-side request forgery.

Recommendations

For versions prior to 9b75694cedfa4825d4a2330abf2719d470c654cd, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the viewing of XML files in the browser to reduce the risk of exploitation.

Exploit

Fix

XXE

Related Identifiers

CVE-2018-1000540

Affected Products

Loboevolution