An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
https://github.com/DevGroup-ru/dotplant2/issues/400 | Exploit Patch Third Party Advisory |
Configurations
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
Information
Published : 2020-09-18 04:15
Updated : 2024-08-04 16:15
NVD link : CVE-2020-25750
Mitre link : CVE-2020-25750
CVE.ORG link : CVE-2020-25750
JSON object : View
Products Affected
dotplant
- dotplant2
CWE
CWE-611
Improper Restriction of XML External Entity Reference