CVE-2018-1000821

CRITICAL Year: 2018
CVSS v3 Score
10.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-611
View all →

Vulnerability Description

MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8.

Related Vulnerabilities

CVE-2015-9280

CRITICAL
CVSS:10.0(Critical)

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CWE-6112015

CVE-2017-7664

CRITICAL
CVSS:10.0(Critical)

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CWE-6112017

CVE-2017-8110

CRITICAL
CVSS:10.0(Critical)

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CWE-6112017

CVE-2018-1000124

CRITICAL
CVSS:10.0(Critical)

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the c...

CWE-6112018

CVE-2018-1000644

CRITICAL
CVSS:10.0(Critical)

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of ser...

CWE-6112018

CVE-2018-1000651

CRITICAL
CVSS:10.0(Critical)

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning...

CWE-6112018