Vulnerabilities > CVE-2019-19031 - XXE vulnerability in Edit-Xml Easy XML Editor 1.7.8

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
edit-xml
CWE-611
exploit available

Summary

Easy XML Editor through v1.7.8 is affected by: XML External Entity Injection. The impact is: Arbitrary File Read and DoS by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.

Vulnerable Configurations

Part Description Count
Application
Edit-Xml
2

Exploit-Db

idEDB-ID:47945
last seen2020-01-20
modified2020-01-20
published2020-01-20
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/47945
titleEasy XML Editor 1.7.8 - XML External Entity Injection

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/155996/easyxmleditor178-xml.txt
idPACKETSTORM:155996
last seen2020-01-20
published2020-01-20
reporterJavier Olmedo
sourcehttps://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html
titleEasy XML Editor 1.7.8 XML Injection