Vulnerabilities > CVE-2019-19031 - XXE vulnerability in Edit-Xml Easy XML Editor 1.7.8

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

edit-xml

CWE-611

exploit available

NVD

Published: 2019-12-30

Updated: 2022-01-01

Summary

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.

Vulnerable Configurations

Part	Description	Count
Application	Edit-Xml Edit XML Easy XML Editor - Edit XML Easy XML Editor 1.7.8	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit-Db

id	EDB-ID:47945
last seen	2020-01-20
modified	2020-01-20
published	2020-01-20
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47945
title	Easy XML Editor 1.7.8 - XML External Entity Injection

Packetstorm

data source	https://packetstormsecurity.com/files/download/155996/easyxmleditor178-xml.txt
id	PACKETSTORM:155996
last seen	2020-01-20
published	2020-01-20
reporter	Javier Olmedo
source	https://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html
title	Easy XML Editor 1.7.8 XML Injection

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References