An XXE issue exists in Tryton Application Platform (Server) 5.x up to and including 5.0.45, 6.x up to and including 6.0.15, and 6.1.x and 6.2.x up to and including 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x up to and including 5.0.11, 6.x up to and including 6.0.4, and 6.1.x and 6.2.x up to and including 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tryton proteus |
||
tryton trytond |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |