exploitDog

GHSA-q74v-wmpg-rr8q

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system.

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system.

Ссылки

EPSS

Процентиль: 97%

0.41682

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2019-13358

CVSS3: 7.5

nvd

больше 6 лет назад

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

EPSS

Процентиль: 97%

0.41682

Средний

7.5 High

CVSS3

CVE ID

Дефекты

CWE-611