Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-229x-22xc-2f2w: Zendframework Local file disclosure via XXE injection in Zend_XmlRpc

Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability an application may be coerced to open arbitrary files and/or TCP connections.

ghsa
#vulnerability#git#php

Zendframework Local file disclosure via XXE injection in Zend_XmlRpc

High severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname