CVE-2018-1000540
Last modified
CVE-2018-1000540 is a vulnerability of currently unknown severity. LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.. EPSS estimates a 1.22% chance of exploitation in the next 30 days.
Description
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Loboevolution Project | Loboevolution | < 0.99.3 |
References
- https://github.com/oswetto/LoboEvolution/issues/38Exploit, Third Party Advisory
- https://github.com/oswetto/LoboEvolution/issues/38Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000540?
How severe is CVE-2018-1000540?
How do I fix CVE-2018-1000540?
Are you affected by CVE-2018-1000540?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST