Vulnerabilities > Phpoffice > Phpspreadsheet > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-07 CVE-2024-45290 Absolute Path Traversal vulnerability in PHPoffice PHPspreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files.
network
low complexity
phpoffice CWE-36
7.5
7.5
2024-10-07 CVE-2024-45291 Server-Side Request Forgery (SSRF) vulnerability in PHPoffice PHPspreadsheet
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files.
network
low complexity
phpoffice CWE-918
8.8
8.8
2019-11-07 CVE-2019-12331 XXE vulnerability in PHPoffice PHPspreadsheet
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue.
network
low complexity
phpoffice CWE-611
8.8
8.8
2018-11-14 CVE-2018-19277 XML Injection (aka Blind XPath Injection) vulnerability in PHPoffice PHPspreadsheet
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
network
low complexity
phpoffice CWE-91
8.8
8.8