Количество 2
Количество 2
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
GHSA-c49v-35ff-q9f7
DotPlant2 Improper Restriction of XML External Entity Reference
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-25750 An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад |
| GHSA-c49v-35ff-q9f7 DotPlant2 Improper Restriction of XML External Entity Reference | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу