Lucene search
K

13 matches found

Github Security Blog
Github Security Blog
added 2019/11/20 1:39 a.m.59 views

XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS1.5AI score0.0135EPSS
Exploits1References8Affected Software2
OSV
OSV
added 2019/11/20 1:39 a.m.54 views

GHSA-VVWV-H69M-WG6F XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS8.5AI score0.0135EPSS
Exploits1References8
Veracode
Veracode
added 2019/11/08 3:24 a.m.25 views

XML External Entity (XXE)

PHPOffice PhpSpreadsheet is vulnerable to XXE. The fix to prevent CVE-2018-19277 was not sufficient to protect against the previous vulnerability. An attacker is able to bypass the mitigation by double-encoding the the XML payload into utf-7 and bypass the check for the string ?!ENTITY?...

8.8CVSS2.4AI score0.07791EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2019/11/07 3:15 p.m.19 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.8CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2019/11/07 3:15 p.m.23 views

Xxe

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

6.8CVSS8.6AI score0.07791EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2019/11/07 2:3 p.m.27 views

CVE-2019-12331

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml...

8.6AI score0.0135EPSS
Exploits1References2
myhack58
myhack58
added 2019/01/26 12:0 a.m.862 views

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

6.8CVSS0.1AI score0.07791EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2019/01/03 12:0 a.m.3 views

PhpSpreadsheet XML External Entity Injection (CVE-2018-19277)

An XML external entity injection vulnerability exists in PhpSpreadsheet library. The vulnerability is due to a failure to properly handle external entity references in XML files. A successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...

6.8CVSS1AI score0.07791EPSS
Exploits4
0day.today
0day.today
added 2018/12/24 12:0 a.m.141 views

PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability

Exploit for php platform in category web applications Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One...

6.8CVSS0.2AI score0.07791EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.65 views

PhpSpreadsheet &lt; 1.5.0 - XML External Entity (XXE)

Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...

8.8CVSS8.7AI score0.07791EPSS
Exploits4
exploitpack
exploitpack
added 2018/11/30 12:0 a.m.51 views

PhpSpreadsheet 1.5.0 - XML External Entity (XXE)

PhpSpreadsheet 1.5.0 - XML External Entity XXE Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability...

6.8CVSS8.8AI score0.07791EPSS
Exploits4
Cvelist
Cvelist
added 2018/11/14 11:0 a.m.42 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.7AI score0.07791EPSS
Exploits4References4
CVE
CVE
added 2018/11/14 11:0 a.m.1103 views

CVE-2018-19277

CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...

8.8CVSS8.5AI score0.07791EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder