提出 #685626: https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection情報

タイトルhttps://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection
説明The cloud network collaborative office system has XML external entity injection. When inputting XML, there is no prohibition on loading external entities, which can result in loading malicious external files, causing harm such as file reading, command execution, internal port scanning, and attacking internal websites.
ソース⚠️ https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md
ユーザー
 youran (UID 89737)
送信2025年10月30日 10:00 (9 月 ago)
モデレーション2025年11月14日 20:01 (15 days later)
ステータス承諾済み
VulDBエントリ332528 [bestfeng oa_git_free 迄 9.5 WorkflowPredefineController.java updateWriteBack writeProp XML External Entity]
ポイント18

Want to know what is going to be exploited?

We predict KEV entries!