PHPOffice PhpSpreadsheet is vulnerable to XXE. The fix for CVE-2018-19277 was not sufficient to protect against that vulnerability. An attacker is able to bypass the mitigation by double-encoding the XML payload into UTF-7, which bypasses the check for the string '<!ENTITY'.
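The following added PHP example (not PhpSpreadsheet's code) shows why a byte-level search for '<!ENTITY' misses a declaration in a UTF-7 document, next to a check that normalises to UTF-8 before scanning. The function names and both samples are constructed for illustration, the mbstring extension is assumed, and only the simpler single-encoding case is covered, not the double-encoded form.

```php
<?php
declare(strict_types=1);

// Constructed sample (not from the advisory): a harmless internal entity whose
// "<", "!" and ">" are written as UTF-7 shifted sequences (+ADw-, +ACE-, +AD4-).
const SAMPLE_UTF7 = "<?xml version='1.0' encoding='UTF-7'?>\n"
    . "+ADw-+ACE-DOCTYPE r [+ADw-+ACE-ENTITY e 'constructed'+AD4-]+AD4-\n"
    . "+ADw-r/+AD4-";
// Constructed sample: an ordinary UTF-8 document with no DTD.
const SAMPLE_PLAIN = "<?xml version='1.0' encoding='UTF-8'?>\n<r/>";

// Byte-level check of the kind the advisory describes: true means "accepted".
function naiveScan(string $xml): bool
{
    return stripos($xml, '<!ENTITY') === false;
}

// Hypothetical helper: read the declared encoding, tolerating either quote
// style and whitespace around "="; defaults to UTF-8 when none is declared.
function declaredEncoding(string $xml): string
{
    $re = '/^\s*<\?xml[^>]*?\bencoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']/i';
    return preg_match($re, $xml, $m) === 1 ? strtoupper($m[1]) : 'UTF-8';
}

// Hypothetical hardened check: normalise to UTF-8 first, then refuse any
// DOCTYPE or ENTITY declaration. Encodings outside the allowlist are refused.
function hardenedScan(string $xml): bool
{
    $enc = declaredEncoding($xml);
    if (!in_array($enc, ['UTF-8', 'UTF-7'], true)) {
        return false;
    }
    $text = $enc === 'UTF-8' ? $xml : mb_convert_encoding($xml, 'UTF-8', $enc);
    return preg_match('/<!(DOCTYPE|ENTITY)/i', $text) !== 1;
}

// Print the verdict of each check for both constructed samples.
foreach (['utf7' => SAMPLE_UTF7, 'plain' => SAMPLE_PLAIN] as $name => $doc) {
    printf("%-5s naive=%s hardened=%s\n", $name,
        naiveScan($doc) ? 'accept' : 'reject',
        hardenedScan($doc) ? 'accept' : 'reject');
}
```

The naive check accepts the UTF-7 sample because the literal bytes never appear in it, while the normalising check rejects it and still accepts the plain document.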
CPE

Name | Operator | Version |
---|---|---|
phpoffice/phpspreadsheet | le | 1.7.0 |