Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-45293: XML External Entity (XXE) Injection in PhpSpreadsheet

Severity: 7.5 HIGH (NVD)
EPSS: 71.6% (top 1.26%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 7; latest update Oct 23

Description

PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure using whitespace. On servers that allow users to upload their own Excel (XLSX) sheets, server files and sensitive information can be disclosed by providing a crafted sheet. The security scan function in src/PhpSpreadsheet/Reader/Security/XmlScanner.php contains a flawed XML enc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Source      Package                     Versions
CVEListV5   phpoffice/phpspreadsheet    < 1.29.1 (+2 more ranges)
NVD         phpoffice/phpspreadsheet    2.0.0 to 2.1.1 (+2 more ranges)
Packagist   phpoffice/phpspreadsheet    2.2.0 to 2.3.0 (+2 more ranges)
Packagist   phpoffice/phpexcel          1.8.2

Vulnerability Details (3)

GHSA      XXE in PHPSpreadsheet's XLSX reader (2024-10-07)
CVEList   XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader (2024-10-07)
OSV       XXE in PHPSpreadsheet's XLSX reader (2024-10-07)

Exploits & PoCs (1)

Nuclei    TablePress < 2.4.3 - XXE Injection

Vendor Advisories (1)

Drupal    Loft Data Grids - Moderately critical - Multiple vulnerabilities - SA-CONTRIB-2024-054 (2024-10-23)

Source: CVE-2024-45293 - XML External Entity (XXE) Injection | cvebase