CVE-2018-1000526

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.
aka Blind XPath Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
openpsa2openpsa
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/
https://github.com/flack/openpsa/issues/192
https://0dd.zone/2018/05/31/OpenPSA-Object-Injection/
https://github.com/flack/openpsa/issues/192