Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-8819

Published: 14/06/2018 Updated: 27/07/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Automatedlogic Webctrl

Vulnerability Summary

An XXE issue exists in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

carrier automatedlogic webctrl 6.0

carrier automatedlogic webctrl 6.1

carrier automatedlogic webctrl 6.5

Exploits

Exploit DB: WebCTRL Out-Of-Band XML Injection
WebCTRL suffers from an out-of-band XML external entity injection vulnerability ...

References

CWE-611https://hateshape.github.io/general/2018/06/07/CVE-2018-8819.htmlhttp://seclists.org/fulldisclosure/2018/Jun/21http://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/148126/WebCTRL-Out-Of-Band-XML-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook