提交 #685626: https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection信息

标题https://gitee.com/bestfeng/oa_git_free oa_git_free 8.0 XML external entity injection
描述The cloud network collaborative office system has XML external entity injection. When inputting XML, there is no prohibition on loading external entities, which can result in loading malicious external files, causing harm such as file reading, command execution, internal port scanning, and attacking internal websites.
来源⚠️ https://github.com/bkglfpp/CVE-md/blob/main/%E4%BA%91%E7%BD%91%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F/XXE.md
用户
 youran (UID 89737)
提交2025-10-30 10時00分 (9 月前)
管理2025-11-14 20時01分 (15 days later)
状态已接受
VulDB条目332528 [bestfeng oa_git_free 直到 9.5 WorkflowPredefineController.java updateWriteBack writeProp XML External Entity]
积分18

Want to know what is going to be exploited?

We predict KEV entries!