Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Feng Office 代码问题漏洞
Vulnerability Description
Feng Office(前称OpenGoo)是Feng Office团队的一套开源的网上办公系统。该系统提供任务管理、日程管理、文件管理以及Email收发等功能。 Feng Office 3.2.2.1版本存在代码问题漏洞,该漏洞源于对文件/application/models/ApplicationDataObject.class.php的错误操作导致XML外部实体引用。
CVSS Information
N/A
Vulnerability Type
N/A