4 matches found
CVE-2020-26564
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have !ENTITY content, create a .xml file for a generic survey template containing a link to this .css file, and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey'importFile'...
CVE-2020-26564
ObjectPlanet Opinio is affected by XXE in versions before 7.15. The vulnerability arises from a sequence where an attacker modifies a CSS file to include an ENTITY, creates an XML that references that CSS, and imports the XML via the survey admin interface, enabling an XXE that can be triggered d...
ObjectPlanet Opinio 7.13 / 7.14 XML Injection Vulnerability
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...
ObjectPlanet Opinio 7.13 / 7.14 XML Injection
Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26564 Exploit Title: ObjectPlanet Opinio version 7.13/7.14 allows XXE injection Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timothy Tan ...