Lucene search
Veracode Vulnerability DatabaseVERACODE:7807HistoryNov 15, 2018 - 8:20 a.m.
XML External Entity Injection (XXE)
2018-11-1508:20:07
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.02
Percentile
88.8%
phpspreadsheet is vulnerable to XML external entity injection (XXE). The function securityScan does not support enough encoding mechanism in scanning XMLs for XXE protection, bypassing the malicious XML with UTF-7 encoding.
Related
osv
osv
CVE-2018-19277
2018-11-14 11:29:07
XXE in PHPSpreadsheet due to encoding issue
2019-11-20 01:38:52
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
2019-11-20 01:39:57
prion
prion
Design/Logic Flaw
2018-11-14 11:29:00
Xxe
2019-11-07 15:15:00
exploitpack
exploitpack
PhpSpreadsheet 1.5.0 - XML External Entity (XXE)
2018-11-30 00:00:00
cvelist
cvelist
CVE-2018-19277
2018-11-14 11:00:00
CVE-2019-12331
2019-11-07 14:03:43
github
github
XXE in PHPSpreadsheet due to encoding issue
2019-11-20 01:38:52
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
2019-11-20 01:39:57
exploitdb
exploitdb
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)
2018-11-30 00:00:00
friendsofphp
friendsofphp
XXE Vulnerability
2018-11-22 23:07:00
XXE Vulnerability
2018-11-20 19:50:00
myhack58
myhack58
nvd
nvd
CVE-2018-19277
2018-11-14 11:29:07
CVE-2019-12331
2019-11-07 15:15:10
checkpoint_advisories
checkpoint_advisories
PhpSpreadsheet XML External Entity Injection (CVE-2018-19277)
2019-01-03 00:00:00
zdt
zdt
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability
2018-12-24 00:00:00
cve
cve
CVE-2018-19277
2018-11-14 11:29:07
CVE-2019-12331
2019-11-07 15:15:10
veracode
veracode
XML External Entity (XXE)
2019-11-08 03:24:33