9 matches found
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
GHSA-C49V-35FF-Q9F7 DotPlant2 Improper Restriction of XML External Entity Reference
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
DotPlant2 Improper Restriction of XML External Entity Reference
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
Code injection
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
CVE-2020-25750
DotPlant2 contains an XXE vulnerability in Pay2PayPayment::checkResult() where user input from $_POST['xml'] is fed to simplexml_load_string without sanitization. Affected: DotPlant2 versions before 2020-09-14; note that maintenance status is archived. Impact described in sources: potential XML E...
CVE-2020-25750
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products...
PT-2020-16183 · Dotplant · Dotplant2
Name of the Vulnerable Software and Affected Versions: DotPlant2 versions prior to 2020-09-14 Description: An issue was discovered in the Pay2PayPayment class in payment/Pay2PayPayment.php, where there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for...