GobyVuls/Zimbra/CVE-2019-9670/README.md

# CVE-2019-9670 Zimbra XXE

mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.

**Affected version**: Zimbra Collaboration Suite 8.7.0 - 8.7.11

**[FOFA](https://fofa.so/result?q=app%3D%22Zimbra%22&qbase64=YXBwPSJaaW1icmEi&file=&file=) query rule**: app="Zimbra"

# Demo

![](CVE-2019-9670.gif)
add CVE-2019-9670 2020-12-03 20:08:21 +08:00			`# CVE-2019-9670 Zimbra XXE`

			`mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability.`

			`Affected version: Zimbra Collaboration Suite 8.7.0 - 8.7.11`

			`[FOFA](https://fofa.so/result?q=app%3D%22Zimbra%22&qbase64=YXBwPSJaaW1icmEi&file=&file=) query rule: app="Zimbra"`

			`# Demo`

			`![](CVE-2019-9670.gif)`