347 matches found
XXE Vulnerability
This is: - X a bug report - a feature request - not a usage question ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...
XML External Entity Injection (XXE)
phpspreadsheet is vulnerable to XML external entity injection XXE. The function securityScan does not support enough encoding mechanism in scanning XMLs for XXE protection, bypassing the malicious XML with UTF-7 encoding...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection. phpoffice/phpspreadsheet is a library written in pure PHP and providing a set of classes that allow you to read from and to write to different spreadsheet file formats, like Excel and LibreOffice Calc...
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...
PT-2018-14898 · Phpoffice · Phpoffice Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.5.1 Description: The issue allows a bypass of protection mechanisms for XML External Entity XXE attacks via UTF-7 encoding in a .xlsx file. This is achieved through the securityScan function in...