3 matches found
CVE-2022-31447
An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2022-31447
An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
CVE-2022-31447
CVE-2022-31447 is an XXE (XML External Entity) vulnerability affecting Magicpin v3.4. The issue allows an attacker to access sensitive database information by processing a crafted SVG file, indicating a flaw in how SVG/XML input is parsed. Root cause: XML external entity handling weakness in the ...