Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...

CVE-2026-40863 PhpSpreadsheet: CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attack...

CVE-2026-40902

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes method reads row numbers from XML attributes without validating them against the spreadsheet maximum row...

PhpSpreadsheet has CPU Denial of Service via Unbounded Row Index in SpreadsheetML XML Reader

Summary The SpreadsheetML XML reader Reader\Xml does not validate the ss:Index row attribute against the maximum allowed row count AddressRange::MAXROW = 1,048,576. An attacker can craft a SpreadsheetML XML file with ss:Index="999999999" on a element, which inflates the internal cachedHighestRow ...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

Arbitrary File Read

nuovo/spreadsheet-reader is vulnerable to an Arbitrary File Read. The library ships with a test.php file in the root-directory, which can be called via a HTTP GET with an arbitrary path as a value for the File parameter, which allows attackers to gain access to an arbitrary file...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

PT-2023-22458 · Unknown · Spreadsheet-Reader

Name of the Vulnerable Software and Affected Versions: spreadsheet-reader version 0.5.11 Description: A Local File inclusion issue in test.php allows remote attackers to include arbitrary files via the File parameter. This could potentially lead to sensitive information disclosure or other securi...

CVE-2023-29887

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter...

spreadsheet-reader 路径遍历漏洞

spreadsheet-reader is Nuovo open source PHP spreadsheet reader. A security vulnerability exists in spreadsheet-reader version 0.5.11, which stems from a local file inclusion vulnerability that allows remote attackers to include arbitrary files via the File parameter...

CVE-2023-29887

CVE-2023-29887 concerns a Local File Inclusion in Nuovo Spreadsheet Reader 0.5.11, specifically in test.php, allowing an attacker to include arbitrary files via the File parameter. The vulnerability arises from LFI in a PHP library’s test.php file, enabling potential data disclosure (confidential...