Giters

mbadanoiu / CVE-2021-46365

CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

0-dayauthenticatedcvecvesxxecve-2021-46365

CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

CVE-2021-46365: Unsafe XML Parsing in Magnolia CMS

0-dayauthenticatedcvecvesxxecve-2021-46365