Vulnerabilities > CVE-2018-16252 - XXE vulnerability in Fspro Event LOG Explorer 4.6.1.2115

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
local
low complexity
fspro
CWE-611
exploit available

Summary

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.

Vulnerable Configurations

Part Description Count
Application
Fspro
1

Exploit-Db

descriptionFsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection. CVE-2018-16252. Webapps exploit for Windows platform. Tags: XML External Entity (XXE)
fileexploits/windows/webapps/45319.txt
idEDB-ID:45319
last seen2018-10-07
modified2018-09-03
platformwindows
port
published2018-09-03
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/45319/
titleFsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/149195/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt
idPACKETSTORM:149195
last seen2018-09-02
published2018-09-01
reporterhyp3rlinx
sourcehttps://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html
titleFsPro Labs Event Log Explorer 4.6.1.2115 XML Injection