Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-19277 — XML Injection (aka Blind XPath Injection) in Phpexcel

CWE-91 — XML Injection (aka Blind XPath Injection)CWE-611 — XML External Entity (XXE) Injection9 documents6 sources

Severity

8.8HIGHNVD

EPSS

3.1%

top 13.09%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpoffice Phpexcel Phpoffice Phpspreadsheet Drupal Loft Data Grids

Timeline

PublishedNov 14

Latest updateOct 13

Description

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Packagistphpoffice/phpspreadsheet< 1.5.1+1

▶NVDphpoffice/phpspreadsheet1.5.0

▶Packagistphpoffice/phpexcel< 1.8.2+1

▶Packagistdrupal/loft_data_grids< 1.4.0

🔴Vulnerability Details

OSV

CVE-2018-19277: This module enables aklump/loft\_data\_grids to be used as a Drupal module↗2021-10-13

▶

OSV

XXE in PHPSpreadsheet due to encoding issue↗2019-11-20

▶

GHSA

XXE in PHPSpreadsheet due to encoding issue↗2019-11-20

▶

GHSA

XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue↗2019-11-20

▶

CVEList

CVE-2019-12331: PHPOffice PhpSpreadsheet before 1↗2019-11-07

▶

💥Exploits & PoCs

Exploit-DB

PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)↗2018-11-30

▶

📋Vendor Advisories

Drupal

Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043↗2021-10-13

▶