| शीर्षक | OpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) XML Injection |
|---|
| विवरण | OpenClinica is vulnerable to XXE in the "Import CRF Data" function. The XML parser processes external entities. A crafted XML can read local files (e.g. /etc/passwd) and reflect their contents back in the UI error block, confirming XXE with file disclosure and potential SSRF.
A detailed write-up is available in the link provided. |
|---|
| स्रोत | ⚠️ https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md |
|---|
| उपयोगकर्ता | mikecole-mg (UID 89343) |
|---|
| सबमिशन | 23/10/2025 04:31 AM (9 महीनों पहले) |
|---|
| संयम | 09/11/2025 07:42 AM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 331641 [OpenClinica Community Edition तक 3.12.2/3.13 CRF Data Import ImportCRFData?action=confirm xml_file अधिकार वृद्धि] |
|---|
| अंक | 18 |
|---|