CVE-2020-19954

CVE-2020-19954

EPSS 1.2%

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/zhuxianjin/vuln_repo/blob/master/S-CMS%20v3.0%20XXE%20Arbitrary%20File%20Read%20Vulnerability.md