CVE-2018-19277
published 2018-11-14CVE-2018-19277: securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
PriorityP357high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
7.79%
93.9th percentile
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | loft_data_grids | — | — |
| drupal | loft_data_grids | >= 0 < 1.4.0 | 1.4.0 |
| phpoffice | phpexcel | >= 0 < 1.8.2 | 1.8.2 |
| phpoffice | phpexcel | 0 – 1.8.2 | — |
| phpoffice | phpspreadsheet | < 1.8.0 | 1.8.0 |
| phpoffice | phpspreadsheet | <= 1.5.0 | — |
| phpoffice | phpspreadsheet | >= 0 < 1.5.1 | 1.5.1 |
| phpoffice | phpspreadsheet | >= 0 < 1.8.0 | 1.8.0 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa8.8HIGH
osv8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2018-19277: This module enables aklump/loft\_data\_grids to be used as a Drupal module
osv·2021-10-13·CVSS 8.8
CVE-2018-19277 [HIGH] CVE-2018-19277: This module enables aklump/loft\_data\_grids to be used as a Drupal module
This module enables aklump/loft\_data\_grids to be used as a Drupal module.
Excel support was provided by , which is abandoned and there are known security vulnerabilities: [CVE-2018-19277]: PHPOffice/PhpSpreadsheet#771. Excel support has since been replaced with the newer library.
This module provides an API and This vulnerability is not exploitable in the module itself. This vulnerability only exists if custom code or another module uses the API of this module to read a spreadsheet.
OSV
XXE in PHPSpreadsheet due to encoding issue
osv·2019-11-20
CVE-2018-19277 [HIGH] XXE in PHPSpreadsheet due to encoding issue
XXE in PHPSpreadsheet due to encoding issue
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
GHSA
XXE in PHPSpreadsheet due to encoding issue
ghsa·2019-11-20
CVE-2018-19277 [HIGH] CWE-91 XXE in PHPSpreadsheet due to encoding issue
XXE in PHPSpreadsheet due to encoding issue
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
OSV
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
osv·2019-11-20·CVSS 8.8
CVE-2019-12331 [HIGH] XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ?<!ENTITY? and thus allowing for an xml external entity processing (XXE) attack.
GHSA
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
ghsa·2019-11-20·CVSS 8.8
CVE-2019-12331 [HIGH] CWE-611 XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the the xml payload to utf-7 it is possible to bypass the check for the string ?<!ENTITY? and thus allowing for an xml external entity processing (XXE) attack.
Drupal
Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043
vendor_drupal·2021-10-13·CVSS 8.8
CVE-2018-19277 [HIGH] Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043
Title: Loft Data Grids - Moderately critical - XML External Entity (XXE) Processing - SA-CONTRIB-2021-043
Vulnerability Type: XML External Entity (XXE) Processing
Description: This module enables aklump/loft_data_grids to be used as a Drupal module. Excel support was provided by https://packagist.org/packages/phpoffice/phpexcel , which is abandoned and there are known security vulnerabilities: [CVE-2018-19277]: PHPOffice/PhpSpreadsheet#771. Excel support has since been replaced with the newer https://github.com/PHPOffice/PhpSpreadsheet library. This module provides an API and This vulnerability is not exploitable in the module itself. This vulnerability only exists if custom code or another module uses the API of this module to read a spreadsheet.
Solution: Upgraded to the the latest ve
No detection rules found.
No writeups or analysis indexed.
https://github.com/MewesK/TwigSpreadsheetBundle/issues/18https://github.com/PHPOffice/PhpSpreadsheet/issues/771https://www.bishopfox.com/news/2018/11/phpoffice-versions/https://www.drupal.org/sa-contrib-2021-043https://github.com/MewesK/TwigSpreadsheetBundle/issues/18https://github.com/PHPOffice/PhpSpreadsheet/issues/771https://www.bishopfox.com/news/2018/11/phpoffice-versions/https://www.drupal.org/sa-contrib-2021-043
2018-11-14
Published