Vulnerabilities > CVE-2014-2054
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Vulnerable Configurations
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2014-2054 PHPExcel是用来操作Office Excel文档的一个PHP类库,它基于微软的OpenXML标准和PHP语言。 PHPExcel在解析XML实体时存在错误,允许攻击者利用漏洞提交包含外部实体引用的XML文档,获取系统文件内容信息。 0 PHPExcel 1.x PHPExcel 1.8.0已经修复该漏洞,建议用户下载更新: https://github.com/PHPOffice/PHPExce |
| id | SSV:61839 |
| last seen | 2017-11-19 |
| modified | 2014-03-18 |
| published | 2014-03-18 |
| reporter | Root |
| title | PHPExcel XML外部实体处理漏洞 |