Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pachno 1.0.6 Wiki TextParser XML External Entity Injection
Vulnerability Description
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
将文件描述符暴露给不受控制的范围(文件描述符泄露)
Vulnerability Title
Pachno 安全漏洞
Vulnerability Description
Pachno是Pachno开源的一个用于协作的开源平台。 Pachno 1.0.6版本存在安全漏洞,该漏洞源于XML解析不安全,可能导致未经验证的攻击者读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A