Submeter #685626: https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injectioninformação

Títulohttps://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection
DescriçãoThe cloud network collaborative office system has XML external entity injection. When inputting XML, there is no prohibition on loading external entities, which can result in loading malicious external files, causing harm such as file reading, command execution, internal port scanning, and attacking internal websites.
Fonte⚠️ https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md
Utilizador
 youran (UID 89737)
Submissão30/10/2025 10h00 (há 9 meses)
Moderação14/11/2025 20h01 (15 days later)
EstadoAceite
Entrada VulDB332528 [bestfeng oa_git_free até 9.5 WorkflowPredefineController.java updateWriteBack writeProp XML External Entity]
Pontos18

Want to know what is going to be exploited?

We predict KEV entries!