3 matches found
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...
CVE-2014-2054
CVE-2014-2054 affects PHPExcel prior to 1.8.0 when used by ownCloud Server (before 5.0.15 and 6.0.x before 6.0.2). Root cause: libxml external entity loading is not disabled, enabling XML External Entity (XXE) attacks. Impact: potential to read arbitrary files, cause denial of service, and other ...
PHPExcel XML外部实体处理漏洞
CVE ID:CVE-2014-2054 PHPExcel是用来操作Office Excel文档的一个PHP类库,它基于微软的OpenXML标准和PHP语言。 PHPExcel在解析XML实体时存在错误,允许攻击者利用漏洞提交包含外部实体引用的XML文档,获取系统文件内容信息。 0 PHPExcel 1.x PHPExcel 1.8.0已经修复该漏洞,建议用户下载更新: https://github.com/PHPOffice/PHPExce...