CVE-2024-13971

EUVD-2024-55563
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
lobster-worldlobster_pro
𝑥
< 4.12.6-ga
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.schutzwerk.com/en/blog/schutzwerk-sa-2024-005/
http://seclists.org/fulldisclosure/2026/May/1