Отправить #685626: https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injectionИнформация

Названиеhttps://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection
ОписаниеThe cloud network collaborative office system has XML external entity injection. When inputting XML, there is no prohibition on loading external entities, which can result in loading malicious external files, causing harm such as file reading, command execution, internal port scanning, and attacking internal websites.
Источник⚠️ https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md
Пользователь
 youran (UID 89737)
Представление30.10.2025 10:00 (9 месяцы назад)
Модерация14.11.2025 20:01 (15 days later)
Статуспринято
Запись VulDB332528 [bestfeng oa_git_free до 9.5 WorkflowPredefineController.java updateWriteBack writeProp XML External Entity]
Баллы18

Do you know our Splunk app?

Download it now for free!