Vulnerabilities > CVE-2015-7743 - XXE vulnerability in Paessler Prtg Network Monitor

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
paessler
CWE-611

Summary

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/137255/rt-sa-2015-012.txt
idPACKETSTORM:137255
last seen2016-12-05
published2016-05-31
reporterredteam-pentesting.de
sourcehttps://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html
titlePaessler PRTG Network Monitor 14.4.12.3282 XXE Injection