CVE-2018-1000515

Published: Jun 26, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..

Affected (1)

Products: News Articles Project: News Articles

News Articles Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
News Articles Project News Articles	Version 00.09.11

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://drive.google.com/drive/folders/1P7djpYX8VQ0oplhOCMFNdKQByCcw2ncU?usp=sharing

Source: cve@mitre.org

ExploitThird Party Advisory

https://drive.google.com/drive/folders/1P7djpYX8VQ0oplhOCMFNdKQByCcw2ncU?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.