Submit #547585: youkefu v4.2.0 xxeinfo

Titleyoukefu v4.2.0 xxe
DescriptionThe YoukeFu system contains an XXE vulnerability that enables file reading, out-of-band (OOB) attacks, SSRF, and other exploits. The system fails to implement any defensive measures for the incoming routercontent parameter and directly parses the XML document passed through this parameter.
Source⚠️ https://github.com/askqiu/cve/blob/main/README.md
User
 feverwizard (UID 83575)
Submission04/01/2025 08:24 (1 Year ago)
Moderation04/03/2025 20:56 (3 days later)
StatusAccepted
VulDB entry303267 [zhangyanbo2007 youkefu up to 4.2.0 XML Document CallCenterRouterController.java routercontent xml external entity reference]
Points15

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!