Vulnerabilities > CVE-2015-7743 - XXE vulnerability in Paessler Prtg Network Monitor
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/137255/rt-sa-2015-012.txt |
id | PACKETSTORM:137255 |
last seen | 2016-12-05 |
published | 2016-05-31 |
reporter | redteam-pentesting.de |
source | https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html |
title | Paessler PRTG Network Monitor 14.4.12.3282 XXE Injection |
References
- https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html
- https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html
- https://www.paessler.com/prtg/history/stable#16.2.23.3077
- https://www.paessler.com/prtg/history/stable#16.2.23.3077