| Title | Feng Office >= v3.2.2.1 XXE |
|---|---|
| Description | Feng Office has a blind XXE vulnerability that can be exploited via document upload. It's possible to leverage this vulnerability to exfiltrate data from local files and to achieve SSRF. If PECL expect were installed, this could be escalated to RCE. Depending on the PHP version installed, phar:// may also be used to escalate the attack. |
| Source | ⚠️ https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa |
| User | mcdruid (UID 79710) |
| Submission | 2025-05-29 07:35 PM (11 months ago) |
| Moderation | 2025-06-08 08:05 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 311636 [Fengoffice Feng Office 3.2.2.1 Document Upload ApplicationDataObject.class.php XML External Entity] |
| Points | 18 |