exploitDog

CVE-2022-47514

Опубликовано: 18 дек. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

Ссылки

https://github.com/jumpycastle/xmlrpc.net-poc
Exploit
Third Party Advisory
https://papercutsoftware.github.io/XML-RPC.NET/download.html
Vendor Advisory
https://github.com/jumpycastle/xmlrpc.net-poc
Exploit
Third Party Advisory
https://papercutsoftware.github.io/XML-RPC.NET/download.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xml-rpc.net_project:xml-rpc.net:*:*:*:*:*:*:*:*

Версия до 2.5.0 (исключая)

EPSS

Процентиль: 70%

0.00625

Низкий

8.8 High

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-rvqq-fwff-p2v4

CVSS3: 8.8

github

около 3 лет назад

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

EPSS

Процентиль: 70%

0.00625

Низкий

8.8 High

CVSS3

Дефекты

CWE-611