Xiuno BBS 4.0 Improper Restriction of XML External Entity Reference Vulnerability

Summary

Xiuno BBS 4.0 suffers from improper restriction of xml external entity reference vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://gitee.com/xiuno/xiunobbs/issues/I177MY


Details

Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php.

 

Vulnerable Systems:

Xiuno BBS 4.0

 

CVE Information:

CVE-2019-19998

Disclosure Timeline:
Published Date:12/25/2019

Categories: News