Описание
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:douchat:douchat:4.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00371
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.
EPSS
Процентиль: 58%
0.00371
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-611