PHPExcel prior to 1.8.0, as used in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2, does not disable external entity loading in libxml, which allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud 6.0.0 |
||
phpexcel project phpexcel |
||
owncloud owncloud 6.0.1 |
||
owncloud owncloud 5.0.11 |
||
owncloud owncloud 5.0.13 |
||
owncloud owncloud |
||
owncloud owncloud 5.0.6 |
||
owncloud owncloud 5.0.8 |
||
owncloud owncloud 5.0.0 |
||
owncloud owncloud 5.0.1 |
||
owncloud owncloud 5.0.10 |
||
owncloud owncloud 5.0.2 |
||
owncloud owncloud 5.0.3 |
||
owncloud owncloud 5.0.4 |
||
owncloud owncloud 5.0.5 |
||
owncloud owncloud 5.0.12 |
||
owncloud owncloud 5.0.14 |
||
owncloud owncloud 5.0.7 |
||
owncloud owncloud 5.0.9 |