Lucene search
K

347 matches found

Friends Of PHP
Friends Of PHP
added 2018/11/20 7:50 p.m.106 views

XXE Vulnerability

This is: - X a bug report - a feature request - not a usage question ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...

8.8CVSS8.5AI score0.07791EPSS
Exploits4Affected Software1
Veracode
Veracode
added 2018/11/15 8:20 a.m.25 views

XML External Entity Injection (XXE)

phpspreadsheet is vulnerable to XML external entity injection XXE. The function securityScan does not support enough encoding mechanism in scanning XMLs for XXE protection, bypassing the malicious XML with UTF-7 encoding...

8.8CVSS8.8AI score0.07791EPSS
Exploits4References4Affected Software1
Snyk
Snyk
added 2018/11/14 1:17 p.m.3 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection. phpoffice/phpspreadsheet is a library written in pure PHP and providing a set of classes that allow you to read from and to write to different spreadsheet file formats, like Excel and LibreOffice Calc...

8.8CVSS7.3AI score0.07791EPSS
Exploits4References2
NVD
NVD
added 2018/11/14 11:29 a.m.12 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS8.7AI score0.07791EPSS
Exploits4References4
OSV
OSV
added 2018/11/14 11:29 a.m.24 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS6.7AI score
Exploits0References4
CVE
CVE
added 2018/11/14 11:0 a.m.1103 views

CVE-2018-19277

CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...

8.8CVSS8.5AI score0.07791EPSS
Exploits4References4Affected Software1
Positive Technologies
Positive Technologies
added 2018/11/14 12:0 a.m.6 views

PT-2018-14898 · Phpoffice · Phpoffice Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.5.1 Description: The issue allows a bypass of protection mechanisms for XML External Entity XXE attacks via UTF-7 encoding in a .xlsx file. This is achieved through the securityScan function in...

8.8CVSS8.8AI score0.07791EPSS
Exploits4References16
Rows per page
Query Builder