Описание
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.06 (включая)
cpe:2.3:a:moj:applicant_programme:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00038
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
больше 2 лет назад
Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
EPSS
Процентиль: 11%
0.00038
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611