← back
CVE-2022-38840

CVE-2022-38840

CVSS 7.5 HIGHEPSS 9.8%CWE-611
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/171439/MAN-EAM-0003-3.2.4-XML-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51037unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171439/MAN-EAM-0003-3.2.4-XML-Injection.htmlhttps://drive.google.com/drive/folders/1UG5IcL8fFp9MV0vjd78_cx6iXKda5bpM?usp=sharing