Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/12/2022 Updated: 22/12/2022

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

An XML external entity (XXE) injection vulnerability in XML-RPC.NET prior to 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xml-rpc.net project xml-rpc.net

Proof of Concept (PoC) for CookComputing XML-RPC.NET XXE <2.5.0

[CVE-2022-47514] proXXE Proof of Concept CVE (+Exploit) Author: Farzan Karimi CVE Summary: An XML external entity (XXE) injection vulnerability in XML-RPCNET before 250 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingbackaspx POST request While the POST response initially appears to be a limited XXE

CWE-611 https://papercutsoftware.github.io/XML-RPC.NET/download.html https://github.com/jumpycastle/xmlrpc.net-poc https://nvd.nist.gov https://github.com/jumpycastle/xmlrpc.net-poc

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-47514

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect