जमा करें #680872: OpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) XML Injectionजानकारी

शीर्षकOpenClinica OpenClinica Community Edition 3.13, Changeset 74f4df3481b6 (2017-02-28) and 3.12.2, Changeset 347dcfca3d17 (2016-11-21) XML Injection
विवरणOpenClinica is vulnerable to XXE in the "Import CRF Data" function. The XML parser processes external entities. A crafted XML can read local files (e.g. /etc/passwd) and reflect their contents back in the UI error block, confirming XXE with file disclosure and potential SSRF. A detailed write-up is available in the link provided.
स्रोत⚠️ https://github.com/mikecole-mg/security_findings/blob/main/openclinica/openclinica-xxe.md
उपयोगकर्ता
 mikecole-mg (UID 89343)
सबमिशन23/10/2025 04:31 AM (9 महीनों पहले)
संयम09/11/2025 07:42 AM (17 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि331641 [OpenClinica Community Edition तक 3.12.2/3.13 CRF Data Import ImportCRFData?action=confirm xml_file अधिकार वृद्धि]
अंक18

Might our Artificial Intelligence support you?

Check our Alexa App!