The XML API in Openbravo ERP 2.5, 3.0, and previous versions allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openbravo openbravo erp 2.50 |
||
openbravo openbravo erp |
||
openbravo openbravo erp 2.40 |