exploitDog

CVE-2019-9761

Опубликовано: 14 мар. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

Ссылки

https://gitee.com/koyshe/phpshe/issues/ITC0C
Exploit
Third Party Advisory
https://gitee.com/koyshe/phpshe/issues/ITC0C
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpshe:phpshe:1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00621

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-c758-m683-8fqc

CVSS3: 7.5

github

больше 3 лет назад

An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php.

EPSS

Процентиль: 70%

0.00621

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611