The wechat_return function in /controller/Index.php of...
High severity
Unreviewed
Published
Mar 22, 2022
to the GitHub Advisory Database
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Mar 20, 2022
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
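One way to parse an untrusted XML request body in PHP so that DTDs and external entities are never resolved, shown as an added example that is not EyouCms code or part of the advisory. The helper name parse_untrusted_xml, the element names and both sample documents are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not EyouCms code): parse an untrusted XML callback body
 * without letting the parser load DTDs or substitute external entities.
 */
function parse_untrusted_xml(string $raw): ?SimpleXMLElement
{
    // A callback body has no legitimate need for a DTD, so refuse any document
    // that declares one before it ever reaches libxml.
    if (preg_match('/<!DOCTYPE/i', $raw) === 1) {
        return null;
    }

    // PHP < 8.0 may be linked against libxml2 < 2.9.0, where the external
    // entity loader is on by default and must be switched off explicitly.
    // The function is deprecated from PHP 8.0, so the call is version-gated.
    $restore = null;
    if (PHP_VERSION_ID < 80000) {
        $restore = libxml_disable_entity_loader(true);
    }

    $prevErrors = libxml_use_internal_errors(true);
    // LIBXML_NONET blocks network fetches. LIBXML_NOENT and LIBXML_DTDLOAD are
    // deliberately absent: they enable entity substitution and DTD loading.
    $xml = simplexml_load_string($raw, SimpleXMLElement::class, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prevErrors);

    if ($restore !== null) {
        libxml_disable_entity_loader($restore);
    }
    return $xml === false ? null : $xml;
}

// Constructed sample inputs for this example.
$benign  = '<xml><out_trade_no>T1001</out_trade_no><result_code>SUCCESS</result_code></xml>';
$withDtd = '<?xml version="1.0"?><!DOCTYPE xml [<!ENTITY e "constructed">]>'
         . '<xml><out_trade_no>&e;</out_trade_no></xml>';

$ok = parse_untrusted_xml($benign);
var_dump($ok !== null && (string) $ok->out_trade_no === 'T1001'); // benign body parses
var_dump(parse_untrusted_xml($withDtd));                          // DOCTYPE is refused
```

The DOCTYPE check is a string match on the raw bytes, so for input in other encodings the parser options and the disabled entity loader remain the actual control.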