5 matches found
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
CVE-2023-26267
creationtimestamp| type| source ---|---|--- 2023-02-21 12:16:33+00:00| seen| https://t.me/cibsecurity/58561...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
CVE-2023-26267
The vulnerability CVE-2023-26267 affects php-saml-sp in versions before 1.1.1 and 2.x before 2.1.1. It allows reading arbitrary files as the webserver user because XML external entities are silently resolved via LIBXML_DTDLOAD and LIBXML_DTDATTR. No exploitation details are provided in the source...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...