ventrian News-ArticlesXML External Entity Injection Vulnerability

ventrian News-Articles is a backend system for publishing and managing news. An XML external entity injection vulnerability exists in the News-Articles/API/MetaWebLog/Handler.ashx.vb file in ventrian News-Articles version 00.09.11. An attacker can use this vulnerability to read arbitrary files on...

CVE-2018-1000515

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity XXE vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server...

CVE-2018-1000515

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity XXE vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server...

CVE-2018-1000515

The CVE-2018-1000515 entry affects ventrian News-Articles version NewsArticles.00.09.11, where an XML External Entity (XXE) vulnerability exists in News-Articles/API/MetaWebLog/Handler.ashx.vb. The issue enables an attacker to read arbitrary files on the server and potentially perform an SMBRelay...