Home > Vulnerability Database > WS-2018-0057

Mend.io Vulnerability Database

WS-2018-0057

Good to know:

Date: February 23, 2016

XML External Entity Processing vulnerability in TYPO3 6.2.x before 6.2.19 and 7.6.x before 7.6.4. All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure.

Language: PHP

Severity Score

7.3

Related Resources (3)

Url: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-005

Url: https://github.com/TYPO3/TYPO3.CMS/commit/844369e9be6d6fdb47a7e1d802c38ecfe5f1149e

Url: https://www.mend.io/vulnerability-database/WS-2018-0057

Severity Score

7.3

Weakness Type (CWE)

XML Injection (aka Blind XPath Injection)

CWE-91

Top Fix

Upgrade Version

Upgrade to version 6.2.19,7.6.4.

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2018-0057

Good to know:

Date: February 23, 2016

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?