344 matches found
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...
CVE-2018-19277
CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...
PT-2018-14898 · Phpoffice · Phpoffice Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PHPOffice PhpSpreadsheet versions prior to 1.5.1 Description: The issue allows a bypass of protection mechanisms for XML External Entity XXE attacks via UTF-7 encoding in a .xlsx file. This is achieved through the securityScan function in...