PT-2023-13658 · Güralp · Güralp Man-Eam-0003

Published 2023-04-16 · Updated 2023-04-25 · CVE-2022-38840

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Güralp MAN-EAM-0003 version 3.2.4

Description

The issue is an XML External Entity (XXE) vulnerability triggered via XML file upload, which can lead to local file disclosure. It occurs in the cgi-bin/xmlstatus.cgi component.

Recommendations

For Güralp MAN-EAM-0003 version 3.2.4, to prevent local file disclosure, consider disabling the XML file upload feature in cgi-bin/xmlstatus.cgi until a patch is available.

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2022-38840

Affected Products

Güralp Man-Eam-0003