2 matches found
PT-2020-16183 · Dotplant · Dotplant2
Name of the Vulnerable Software and Affected Versions:
DotPlant2 versions prior to 2020-09-14
Description:
An issue was discovered in the Pay2PayPayment class in payment/Pay2PayPayment.php, where there is an XXE vulnerability in the checkResult function. The user input $_POST['xml'] is used for...
PT-2005-2876 · Egroupware +10 · Egroupware +10
Name of the Vulnerable Software and Affected Versions:
PEAR XML RPC versions 1.3.0 and earlier
PHPXMLRPC versions 1.1 and earlier
Description:
The issue allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement...