Description
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
References
- Exploit, US Government Resource
- Exploit
- Exploit, US Government Resource
- Exploit
Vulnerable configurations
Configuration 1: versions up to and including 3.0
One of
cpe:2.3:a:openbravo:openbravo_erp:*:*:*:*:*:*:*:*
cpe:2.3:a:openbravo:openbravo_erp:2.40:*:*:*:*:*:*:*
cpe:2.3:a:openbravo:openbravo_erp:2.50:*:*:*:*:*:*:*
EPSS
Percentile: 98%
0.5674
Medium
3.5 Low
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
github
more than 3 years ago
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
EPSS
Percentile: 98%
0.5674
Medium
3.5 Low
CVSS2
Weaknesses
CWE-264