An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated malicious user to access local server files and exfiltrate data to an external server.
Authenticated attackers can exploit a weakness in the XML parser functionality of the Visual Planning application in order to obtain read access to arbitrary files on the application server. Depending on configured access permissions, this vulnerability could be used by an attacker to exfiltrate secrets stored on the local file system. All versions ...
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Title
=====
Status
======
PUBLISHED
Version
=======
10
CVE reference
=============
CVE-2023-49234
Link
====
www.schutzwerk.com/advisories/schutzwerk-sa-2023-006/
Text-only version:
www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-006.txt
Affected products/vendor
========= ...