Home > Vulnerability Database > CVE-2015-10029

Mend.io Vulnerability Database

CVE-2015-10029

Good to know:

Date: January 7, 2023

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability.

Language: PHP

Severity Score

5.5

Related Resources (7)

Url: https://github.com/kelvinmo/simplexrd/releases/tag/v3.1.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-10029

Url: https://github.com/kelvinmo/simplexrd

Url: https://vuldb.com/?ctiid.217630

Url: https://github.com/kelvinmo/simplexrd/commit/4c9f2e028523ed705b555eca2c18c64e71f1a35d

Url: https://vuldb.com/?id.217630

Url: https://www.mend.io/vulnerability-database/CVE-2015-10029

Severity Score

5.5

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version v3.1.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.9
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-10029

Good to know:

Date: January 7, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?