cve/CVE-2019-20153.md at 3877a24e5dfa1e5207c3ff2cc1b39969dba74f43

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials).

POC

Reference

https://www.n00py.io/2020/01/zero-day-exploit-in-determine-selectica-contract-lifecycle-management-sclm-v5-4/

Github

No PoCs found on GitHub currently.

875 B Raw Blame History

CVE-2019-20153

Description

POC

Reference

Github

875 B

Raw Blame History