Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ektron Content Management System XML外部实体注入漏洞
Vulnerability Description
Ektron Content Management System(CMS)是美国Ektron公司的一套企业级Web内容管理系统(CMS)。该系统支持所见即所得编辑器、内容布局和拖拽操作等。 Ektron CMS的Workarea/ServerControlWS.asmx文件中的ContentBlockEx方法存在安全漏洞。远程攻击者可借助‘xslt’参数中命名的XML文档中的外部实体声明和实体引用利用该漏洞读取任意文件。以下版本受到影响:Ektron CMS 8.5版本,8.7sp2之前8.7版本,sp1
CVSS Information
N/A
Vulnerability Type
N/A