4 matches found
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 XML Injection
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
OpenCats 0.9.4-2 -(docx) XML External Entity Injection Vulnerability
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
CVE-2019-13358
OpenCats prior to 0.9.4-3 contains an XXE in lib/DocumentToText.php that lets remote attackers read files on the underlying OS. Exploitation requires the attacker to upload a docx or odt document, triggering the entity processing. The issue is associated with OpenCats 0.9.4-3 and earlier, with fi...