2 matches found
XML External Entity (XXE)
silverstripe/framework is vulnerable to XML external entity (XXE) attacks. The loading of external entities and DTDs is not disabled, which allows an attacker to perform server-side request forgery (SSRF) attacks or retrieve confidential system files via a malicious XML document...
Poll It CGI data_dir Parameter Arbitrary File Access
'PollItSSIv2.0.cgi' is installed. This CGI has a well-known security flaw that lets an attacker retrieve any file from the remote system, e.g. /etc/passwd. This script was written by Thomas Reinke. See the Nessus Scripts License for details. Changes by Tenable: - attempt to read...