Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference

A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

XML外部实体引用的不恰当限制(XXE)

Feng Office 代码问题漏洞

Feng Office（前称OpenGoo）是Feng Office团队的一套开源的网上办公系统。该系统提供任务管理、日程管理、文件管理以及Email收发等功能。 Feng Office 3.2.2.1版本存在代码问题漏洞，该漏洞源于对文件/application/models/ApplicationDataObject.class.php的错误操作导致XML外部实体引用。

N/A

N/A