Kimai has an XXE Leading to Local File Read

Summary Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

GHSA-534C-HCR7-67JG Kimai has an XXE Leading to Local File Read

Summary Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

CVE-2020-25750

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

Code injection

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

CVE-2020-25750

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net

0x01 introduction PhpSpreadsheet is a very popular pure PHP class library that allows you to easily read and write Excel, LibreOffic Calc and other spreadsheet file formats, is PHPExcel alternative. 2018 11 October 13, PhpSpreadsheet was broke presence of the XXE vulnerability, CVE-2018-19277, in...

CVE-2018-18737

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexmlloadstring. This can also be used for SSRF...

Design/Logic Flaw

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexmlloadstring. This can also be used for SSRF...

CVE-2018-18737

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexmlloadstring. This can also be used for SSRF...

CVE-2018-1000124

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity XXE vulnerability in line 154 of importmetadata.phpsimplexmlloadstring that can result in an attacker reading the contents of a file and SSRF. This attack appear to be exploitable via posting xml in the Parameter...

74cms某功能注入漏洞（有条件）

简要描述： 略鸡肋,分享出来。 详细说明： 最新版v3.4，更新时间20140310 文件/plus/weixin.php responseMsg函数，使用 $postStr = $GLOBALS"HTTPRAWPOSTDATA"; 获得了post数据。所以，可以无视GPC。 获得的数据是XML格式，我们一会发送数据包即可。 继续看该函数： if !empty$postStr $postObj = simplexmlloadstring$postStr, 'SimpleXMLElement', LIBXMLNOCDATA; $fromUsername =...

phpMyAdmin simplexml_load_string() Function Information Disclosure (PMASA-2011-17)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is affected by an information disclosure vulnerability. The vulnerability, which is in the simplexmlloadstring function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.3.x...

CVE-2011-4107

The simplexmlloadstring function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity XXE injection...

phpMyAdmin simplexml_load_string()函数信息泄露漏洞

No description provided by source...

phpMyAdmin "simplexml_load_string()"函数信息泄露漏洞

BUGTRAQ ID: 50497 phpMyAdmin是一个用PHP编写的，可以通过web方式控制和操作MySQL数据库。 phpMyAdmin在simplexmlloadstring函数的实现上存在信息泄露漏洞，攻击者可利用此漏洞在服务器中读取任意文件。 phpMyAdmin 3.x phpMyAdmin 2.x 厂商补丁： phpMyAdmin ---------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.phpmyadmin.net/homepage/security/...