cve/2018/CVE-2018-1321.md

### [CVE-2018-1321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1321)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Syncope&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=File%20read%20and%20write%2C%20remote%20code%20execution&color=brighgreen)

### Description

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

### POC

#### Reference
- https://www.exploit-db.com/exploits/45400/

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1321)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Syncope&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=File%20read%20and%20write%2C%20remote%20code%20execution&color=brighgreen)`

			`### Description`

			`An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.`

			`### POC`

			`#### Reference`
			`- https://www.exploit-db.com/exploits/45400/`

			`#### Github`
			`No PoCs found on GitHub currently.`