CVE-2024-45293 PoC — PhpSpreadsheet Security Vulnerability

Source
Associated Vulnerability
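Title: PhpSpreadsheet Security Vulnerability (CVE-2024-45293)
Description: PhpSpreadsheet is an open-source PHP library from PHPOffice for reading and writing spreadsheet files. PhpSpreadsheet contains a security vulnerability. An attacker can exploit it by supplying a specially crafted worksheet to disclose server files and sensitive information.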
Description
The PhpSpreadsheet library used by the plugin is affected by an XML external entity (XXE) vulnerability: the security scanner that is meant to prevent XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure using white space. On servers that allow users to upload their own Excel (XLSX) sheets, server files and sensitive information can be disclosed by providing a crafted sheet.
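A defensive illustration of the point above, added here and not taken from PhpSpreadsheet, TablePress or the referenced PoC: a standalone pre-screening check for uploaded XLSX files that lets a real XML parser report any DOCTYPE instead of matching text patterns, so white-space variations cannot hide it. The function names, the suffix list and the size limit are assumptions made for this example, and the sample inputs are constructed.

```python
import io
import zipfile
import xml.parsers.expat

MAX_PART_BYTES = 20 * 1024 * 1024          # assumed per-part size limit
XML_SUFFIXES = (".xml", ".rels", ".vml")   # assumed list of XML parts to check


def part_is_clean(data: bytes) -> bool:
    """True only if expat parses the whole part and meets no DOCTYPE."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE declared")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except Exception:
        # Fail closed: DOCTYPE present, malformed XML, or undecodable encoding.
        return False
    return True


def xlsx_is_safe(blob: bytes) -> bool:
    """Reject the upload unless every XML part of the archive is clean."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as archive:
            for info in archive.infolist():
                if not info.filename.lower().endswith(XML_SUFFIXES):
                    continue
                if info.file_size > MAX_PART_BYTES:
                    return False
                if not part_is_clean(archive.read(info)):
                    return False
    except Exception:
        return False  # fail closed on anything that is not a readable zip
    return True


def build_sample(workbook_xml: bytes) -> bytes:
    """Constructed test input: a minimal zip holding one workbook part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("xl/workbook.xml", workbook_xml)
    return buf.getvalue()


CLEAN = build_sample(b'<?xml version="1.0" encoding="UTF-8"?><workbook/>')
# Harmless DOCTYPE written with unusual white space; it declares no entities.
WITH_DTD = build_sample(b'<?xml version="1.0"?>\n<!DOCTYPE\n\t workbook [ ]>\n<workbook/>')
```

Legitimate XLSX parts do not need a DOCTYPE, so rejecting every file that declares one costs nothing for normal uploads.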
File Snapshot

id: CVE-2024-45293
info:
  name: TablePress < 2.4.3 - XXE Injection
  author: iamnoooob,ritikchaddh
...