Design/Logic Flaw

2022-03-1017:45:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.

CPENameOperatorVersion
geocalllt8.0

CPE	Name	Operator	Version
	geocall	lt	8.0

References

labs.yarix.com/2022/03/overit-framework-xslt-injection-and-xxe-cve-2022-22834-cve-2022-22835/

labs.yarix.com/advisories/cve-2022-22835/

overit.us/products/geocall/