CVE-2014-2054
published 2014-06-04CVE-2014-2054: PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.54%
71.7th percentile
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | owncloud_server | <= 5.0.14 | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| phpexcel_project | phpexcel | <= 1.7.9 | — |
| phpoffice | phpexcel | >= 0 < 1.8.0 | 1.8.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
PHPExcel vulnerable to XXE attacks through libxml
osv·2022-05-17
CVE-2014-2054 [MEDIUM] PHPExcel vulnerable to XXE attacks through libxml
PHPExcel vulnerable to XXE attacks through libxml
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
GHSA
PHPExcel vulnerable to XXE attacks through libxml
ghsa·2022-05-17
CVE-2014-2054 [MEDIUM] CWE-611 PHPExcel vulnerable to XXE attacks through libxml
PHPExcel vulnerable to XXE attacks through libxml
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-06-04
Published