cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171439/MAN-EAM-0003-3.2.4-XML-Injection.html | Exploit Third Party Advisory VDB Entry |
https://drive.google.com/drive/folders/1UG5IcL8fFp9MV0vjd78_cx6iXKda5bpM?usp=sharing | Exploit |
http://packetstormsecurity.com/files/171439/MAN-EAM-0003-3.2.4-XML-Injection.html | Exploit Third Party Advisory VDB Entry |
https://drive.google.com/drive/folders/1UG5IcL8fFp9MV0vjd78_cx6iXKda5bpM?usp=sharing | Exploit |
Configurations
History
21 Nov 2024, 07:17
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/171439/MAN-EAM-0003-3.2.4-XML-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://drive.google.com/drive/folders/1UG5IcL8fFp9MV0vjd78_cx6iXKda5bpM?usp=sharing - Exploit |
Information
Published : 2023-04-16 02:15
Updated : 2024-11-21 07:17
NVD link : CVE-2022-38840
Mitre link : CVE-2022-38840
CVE.ORG link : CVE-2022-38840
JSON object : View
Products Affected
guralp
- man-eam-0003
CWE
CWE-611
Improper Restriction of XML External Entity Reference