| Title | 泛微e-cology RequestInfoByXml XML entity injection |
|---|---|
| Description | The "RequestInfoByXml" API in the "泛微e-cology" system is vulnerable to XML entity injection attacks. This vulnerability is due to the API's improper handling of XML input containing external entities. Attackers can exploit this vulnerability by sending specially crafted XML requests containing entity references to retrieve sensitive information or execute arbitrary code on the system. Successful exploitation of this vulnerability can result in unauthorized access, data exfiltration, and complete system compromise. To mitigate this vulnerability, it is recommended to properly sanitize XML input, configure the XML parser to prevent external entity resolution, or use a secure XML parser that is not vulnerable to these types of attacks. |
| Source | ⚠️ https://github.com/Strangenees/e-cology/blob/main/main.md |
| User | strangerss (UID 34714) |
| Submission | 2023-05-12 04:41 (3 years ago) |
| Moderation | 2023-05-19 10:23 (7 days later) |
| Status | Accepted |
| VulDB entry | 229411 [Weaver e-cology up to 9.0 API RequestInfoByXml XML External Entity] |
| Points | 20 |