DotPlant2 Improper Restriction of XML External Entity Reference

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

GHSA-C49V-35FF-Q9F7 DotPlant2 Improper Restriction of XML External Entity Reference

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

CVE-2020-25750

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

Code injection

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

PT-2020-16183 · Dotplant · Dotplant2

Name of the Vulnerable Software and Affected Versions: DotPlant2 versions prior to 2020-09-14 Description: An issue was discovered in the Pay2PayPayment class in payment/Pay2PayPayment.php, where there is an XXE vulnerability in the checkResult function. The user input $ POST'xml' is used for...