An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
Link | Resource |
---|---|
https://github.com/DevGroup-ru/dotplant2/issues/400 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-09-18T03:25:50
Updated: 2020-09-18T03:25:50
Reserved: 2020-09-18T00:00:00
Link: CVE-2020-25750
JSON object: View
NVD Information
Status : Modified
Published: 2020-09-18T04:15:12.127
Modified: 2024-05-17T01:46:22.757
Link: CVE-2020-25750
JSON object: View
Redhat Information
No data.
CWE