Description
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
References
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:eyoucms:eyoucms:1.5.4:*:*:*:*:*:*:*
EPSS
Percentile: 56%
0.00337
Low
7.2 High
CVSS3
6.5 Medium
CVSS2
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 7.2
github
almost 4 years ago
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.