2 matches found
The vulnerability in the GetMdmMessage class of SysAid software allows attackers to perform XXE attacks.
The vulnerability in the GetMdmMessage class of SysAid support and control software stems from improper restriction of XML external entity references when the /mdm/checkin endpoint is processed. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
PT-2024-38926 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c
Description: A critical vulnerability was found in dingfanzu CMS, affecting an unknown functionality of the file /ajax/checkin.php. The manipulation of the username argument leads t...