CVE-2019-9670 PoC — Zimbra Collaboration Suite 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-9670.yaml

Associated Vulnerability

Title:Zimbra Collaboration Suite 代码问题漏洞 (CVE-2019-9670)
Description:Synacor Zimbra Collaboration Suite（ZCS）是美国Synacor公司的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra ZCS 8.5版本至8.7.11版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

Description

Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML external entity injection (XXE) vulnerability via the mailboxd component.

File Snapshot


 id: CVE-2019-9670

info:
  name: Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injec

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!