2 matches found
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to improper sanitization of XML body in the fromString function. Workaround Remove the LIBXMLDTDLOAD | LIBXMLDTDATTR options from $options Details XXE Injection is a type of attack against an...
MUSASI version 3 performing authentication on client-side
Overview MUSASI provided by NEUMANN CO.LTD. is an e-learning system for driving schools. MUSASI version 3 performs authentication within the client-side code CWE-603, and the client in pre-authentication state retrieves the credential information from the server just when a user ID is input. This...