CVE-2018-8940

ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue.
References
Link Resource
https://seclists.org/fulldisclosure/2019/May/9 Exploit Mailing List Third Party Advisory
https://seclists.org/fulldisclosure/2019/May/9 Exploit Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:enghouse:contact_center\:_service_provider:7.2.5:*:*:*:*:*:*:*

History

21 Nov 2024, 04:14

Type Values Removed Values Added
References () https://seclists.org/fulldisclosure/2019/May/9 - Mailing List, Exploit, Third Party Advisory () https://seclists.org/fulldisclosure/2019/May/9 - Exploit, Mailing List, Third Party Advisory

Information

Published : 2019-05-14 19:29

Updated : 2024-11-21 04:14


NVD link : CVE-2018-8940

Mitre link : CVE-2018-8940

CVE.ORG link : CVE-2018-8940


JSON object : View

Products Affected

enghouse

  • contact_center\
CWE
CWE-611

Improper Restriction of XML External Entity Reference