CWE-610
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
CVE-2025-3241 (GCVE-0-2025-3241)
Vulnerability from cvelistv5 – Published: 2025-04-04 11:00 – Updated: 2025-04-04 11:56
VLAI
Title
zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference
Summary
A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
6.3 (Medium)
6.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.303267 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.303267 | signaturepermissions-required |
| https://vuldb.com/?submit.547585 | third-party-advisory |
| https://github.com/askqiu/cve/blob/main/README.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zhangyanbo2007 | youkefu |
Affected:
4.0
Affected: 4.1 Affected: 4.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3241",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T11:55:24.965372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T11:56:07.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"XML Document Handler"
],
"product": "youkefu",
"vendor": "zhangyanbo2007",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"status": "affected",
"version": "4.1"
},
{
"status": "affected",
"version": "4.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "feverwizard (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in zhangyanbo2007 youkefu up to 4.2.0. This affects an unknown part of the file src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java of the component XML Document Handler. The manipulation of the argument routercontent leads to xml external entity reference. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in zhangyanbo2007 youkefu bis 4.2.0 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei src/main/java/com/ukefu/webim/web/handler/admin/callcenter/CallCenterRouterController.java der Komponente XML Document Handler. Durch Manipulieren des Arguments routercontent mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T11:00:11.294Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-303267 | zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.303267"
},
{
"name": "VDB-303267 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.303267"
},
{
"name": "Submit #547585 | youkefu v4.2.0 xxe",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.547585"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/askqiu/cve/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-04-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-04-03T21:01:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "zhangyanbo2007 youkefu XML Document CallCenterRouterController.java xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-3241",
"datePublished": "2025-04-04T11:00:11.294Z",
"dateReserved": "2025-04-03T18:56:44.451Z",
"dateUpdated": "2025-04-04T11:56:07.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48963 (GCVE-0-2025-48963)
Vulnerability from cvelistv5 – Published: 2025-08-28 09:49 – Updated: 2026-02-26 17:47
VLAI
Summary
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 40296
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T03:55:22.901084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:54.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "40296",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@vultza (https://hackerone.com/vultza)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40296."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T09:49:57.936Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-8568",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-8568"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2025-48963",
"datePublished": "2025-08-28T09:49:57.936Z",
"dateReserved": "2025-05-29T00:22:59.557Z",
"dateUpdated": "2026-02-26T17:47:54.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5877 (GCVE-0-2025-5877)
Vulnerability from cvelistv5 – Published: 2025-06-09 12:31 – Updated: 2025-06-09 13:00
VLAI
Title
Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference
Summary
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311636 | vdb-entry |
| https://vuldb.com/?ctiid.311636 | signaturepermissions-required |
| https://vuldb.com/?submit.586971 | third-party-advisory |
| https://gist.github.com/mcdruid/e78694d754f448848… | related |
| https://gist.github.com/mcdruid/e78694d754f448848… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fengoffice | Feng Office |
Affected:
3.2.2.1
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5877",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:00:41.749852Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:00:44.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Document Upload Handler"
],
"product": "Feng Office",
"vendor": "Fengoffice",
"versions": [
{
"status": "affected",
"version": "3.2.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mcdruid (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in Fengoffice Feng Office 3.2.2.1 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /application/models/ApplicationDataObject.class.php der Komponente Document Upload Handler. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T12:31:04.643Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311636 | Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.311636"
},
{
"name": "VDB-311636 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311636"
},
{
"name": "Submit #586971 | Feng Office \u003e= v3.2.2.1 XXE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.586971"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mcdruid/e78694d754f44884830898be082fcbaa#steps-to-reproduce"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-08T20:10:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5877",
"datePublished": "2025-06-09T12:31:04.643Z",
"dateReserved": "2025-06-08T18:05:09.822Z",
"dateUpdated": "2025-06-09T13:00:44.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7523 (GCVE-0-2025-7523)
Vulnerability from cvelistv5 – Published: 2025-07-13 07:02 – Updated: 2025-07-15 19:54
VLAI
Title
Jinher OA DelTemp.aspx xml external entity reference
Summary
A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.316220 | vdb-entry |
| https://vuldb.com/?ctiid.316220 | signaturepermissions-required |
| https://vuldb.com/?submit.611183 | third-party-advisory |
| https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability | related |
| https://github.com/BigMancer/Jinhe-OA-XXE-Vulnera… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7523",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:44:37.582369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:54:19.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OA",
"vendor": "Jinher",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BluesCat (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jinher OA 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Jinher OA 1.0 gefunden. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx. Durch die Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T07:02:05.374Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316220 | Jinher OA DelTemp.aspx xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.316220"
},
{
"name": "VDB-316220 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316220"
},
{
"name": "Submit #611183 | jinhe OA V1.0 XML External Entity Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.611183"
},
{
"tags": [
"related"
],
"url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BigMancer/Jinhe-OA-XXE-Vulnerability?tab=readme-ov-file#proof-of-concept"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T08:56:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Jinher OA DelTemp.aspx xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7523",
"datePublished": "2025-07-13T07:02:05.374Z",
"dateReserved": "2025-07-12T06:51:04.084Z",
"dateUpdated": "2025-07-15T19:54:19.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7823 (GCVE-0-2025-7823)
Vulnerability from cvelistv5 – Published: 2025-07-19 12:44 – Updated: 2025-07-21 15:46
VLAI
Title
Jinher OA ProjectScheduleDelete.aspx xml external entity reference
Summary
A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.316924 | vdb-entry |
| https://vuldb.com/?ctiid.316924 | signaturepermissions-required |
| https://vuldb.com/?submit.616841 | third-party-advisory |
| https://github.com/cc2024k/CVE/issues/3 | exploitissue-tracking |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7823",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:46:38.256657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T15:46:51.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OA",
"vendor": "Jinher",
"versions": [
{
"status": "affected",
"version": "1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cc2024k (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jinher OA 1.2. It has been declared as problematic. This vulnerability affects unknown code of the file ProjectScheduleDelete.aspx. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In Jinher OA 1.2 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei ProjectScheduleDelete.aspx. Durch die Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-19T12:44:06.138Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316924 | Jinher OA ProjectScheduleDelete.aspx xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.316924"
},
{
"name": "VDB-316924 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316924"
},
{
"name": "Submit #616841 | Jinhe OA V1.2 XML External Entity Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.616841"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/cc2024k/CVE/issues/3"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-18T19:48:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Jinher OA ProjectScheduleDelete.aspx xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7823",
"datePublished": "2025-07-19T12:44:06.138Z",
"dateReserved": "2025-07-18T17:43:29.265Z",
"dateUpdated": "2025-07-21T15:46:51.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7824 (GCVE-0-2025-7824)
Vulnerability from cvelistv5 – Published: 2025-07-19 13:02 – Updated: 2025-07-21 15:48
VLAI
Title
Jinher OA XmlHttp.aspx xml external entity reference
Summary
A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.316925 | vdb-entry |
| https://vuldb.com/?ctiid.316925 | signaturepermissions-required |
| https://vuldb.com/?submit.616842 | third-party-advisory |
| https://github.com/cc2024k/CVE/issues/2 | exploitissue-tracking |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7824",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-21T15:47:26.709353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-21T15:48:01.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OA",
"vendor": "Jinher",
"versions": [
{
"status": "affected",
"version": "1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cc2024k (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Jinher OA 1.1. It has been rated as problematic. This issue affects some unknown processing of the file XmlHttp.aspx. The manipulation leads to xml external entity reference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Jinher OA 1.1 ausgemacht. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei XmlHttp.aspx. Durch Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-19T13:02:05.434Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316925 | Jinher OA XmlHttp.aspx xml external entity reference",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.316925"
},
{
"name": "VDB-316925 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316925"
},
{
"name": "Submit #616842 | Jinhe OA V1.1 XML External Entity Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.616842"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/cc2024k/CVE/issues/2"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-18T19:48:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Jinher OA XmlHttp.aspx xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7824",
"datePublished": "2025-07-19T13:02:05.434Z",
"dateReserved": "2025-07-18T17:43:37.124Z",
"dateUpdated": "2025-07-21T15:48:01.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8057 (GCVE-0-2025-8057)
Vulnerability from cvelistv5 – Published: 2025-09-16 14:02 – Updated: 2026-06-05 11:43
VLAI
Title
IDOR in Patika Global Technologies' HumanSuite
Summary
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.
This issue affects HumanSuite: before 53.21.0.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-25-0257 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Patika Global Technologies | HumanSuite |
Affected:
0 , < 53.21.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8057",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T14:27:53.707046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T14:27:56.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HumanSuite",
"vendor": "Patika Global Technologies",
"versions": [
{
"lessThan": "53.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Berkan Er"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.\u003cp\u003eThis issue affects HumanSuite: before 53.21.0.\u003c/p\u003e"
}
],
"value": "Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client.\n\nThis issue affects HumanSuite: before 53.21.0."
}
],
"impacts": [
{
"capecId": "CAPEC-22",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-22 Exploiting Trust in Client"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T11:43:27.659Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0257"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0257"
}
],
"source": {
"advisory": "TR-25-0257",
"defect": [
"TR-25-0257"
],
"discovery": "UNKNOWN"
},
"title": "IDOR in Patika Global Technologies\u0027 HumanSuite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-8057",
"datePublished": "2025-09-16T14:02:47.457Z",
"dateReserved": "2025-07-22T13:39:35.568Z",
"dateUpdated": "2026-06-05T11:43:27.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9065 (GCVE-0-2025-9065)
Vulnerability from cvelistv5 – Published: 2025-09-09 12:51 – Updated: 2025-09-09 13:23
VLAI
Title
Rockwell Automation ThinManager® Server-Side Request Forgery Vulnerability
Summary
A server-side request forgery security issue exists within Rockwell Automation ThinManager® software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer® service account NTLM hash.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | ThinManager |
Affected:
13.0 - 14.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-09T13:23:19.121711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T13:23:24.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinManager",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "13.0 - 14.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash.\u003c/span\u003e"
}
],
"value": "A server-side request forgery security issue exists within Rockwell Automation ThinManager\u00ae software due to the lack of input sanitization. Authenticated attackers can exploit this vulnerability by specifying external SMB paths, exposing the ThinServer\u00ae service account NTLM hash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-09T12:51:42.091Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1743.html"
}
],
"source": {
"advisory": "SD1743",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation ThinManager\u00ae Server-Side Request Forgery Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-9065",
"datePublished": "2025-09-09T12:51:42.091Z",
"dateReserved": "2025-08-15T13:58:23.749Z",
"dateUpdated": "2025-09-09T13:23:24.291Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-0522 (GCVE-0-2026-0522)
Vulnerability from cvelistv5 – Published: 2026-04-01 13:11 – Updated: 2026-04-01 13:41
VLAI
Title
Local File Inclusion in the File Upload/Download Process
Summary
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.
This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.redguard.ch/blog/2026/04/01/advisory-… | third-party-advisorytechnical-description |
| https://support.vertigis.com/hc/en-us/articles/31… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VertiGIS | VertiGIS FM |
Affected:
0 , < 10.11.363
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0522",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T13:41:03.252558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:41:23.300Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VertiGIS FM",
"vendor": "VertiGIS",
"versions": [
{
"lessThan": "10.11.363",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vertigis:vertigis_fm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.11.363",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Benjamin Faller, Redguard AG"
},
{
"lang": "en",
"type": "finder",
"value": "David Wischnjak, Redguard AG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003eA local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file\u0027s path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application\u0027s ASP.NET architecture, this could potentially lead to remote code execution when the \"web.config\" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThis issue affects VertiGIS FM: 10.5.00119 (0d29d428).\u003c/p\u003e"
}
],
"value": "A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file\u0027s path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application\u0027s ASP.NET architecture, this could potentially lead to remote code execution when the \"web.config\" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks.\n\n\n\n\n\n\n\nThis issue affects VertiGIS FM: 10.5.00119 (0d29d428)."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T13:11:13.384Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.vertigis.com/hc/en-us/articles/31214433137042-Security-Vulnerability-VertiGIS-FM"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local File Inclusion in the File Upload/Download Process",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2026-0522",
"datePublished": "2026-04-01T13:11:13.384Z",
"dateReserved": "2025-12-17T08:22:38.979Z",
"dateUpdated": "2026-04-01T13:41:23.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1218 (GCVE-0-2026-1218)
Vulnerability from cvelistv5 – Published: 2026-01-20 05:32 – Updated: 2026-02-23 08:52
VLAI
Title
Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference
Summary
A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.341908 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.341908 | signaturepermissions-required |
| https://vuldb.com/?submit.735201 | third-party-advisory |
| https://github.com/dingpotian/cve-vul/blob/main/S… | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bjskzy | Zhiyou ERP |
Affected:
11.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1218",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T20:21:32.301398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T20:22:43.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"com.artery.richclient.RichClientService"
],
"product": "Zhiyou ERP",
"vendor": "Bjskzy",
"versions": [
{
"status": "affected",
"version": "11.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dptcc (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T08:52:03.555Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-341908 | Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.341908"
},
{
"name": "VDB-341908 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.341908"
},
{
"name": "Submit #735201 | Bjskzy Enterprise Resource Planning Software 11.0 XML External Entity Reference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.735201"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://github.com/dingpotian/cve-vul/blob/main/Shikong-Zhiyou-ERP/Shikong-Zhiyou-ERP-XXE-RichClientService-initRCForm.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-19T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-20T08:20:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "Bjskzy Zhiyou ERP com.artery.richclient.RichClientService RichClientService.class initRCForm xml external entity reference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-1218",
"datePublished": "2026-01-20T05:32:07.224Z",
"dateReserved": "2026-01-19T23:19:20.859Z",
"dateUpdated": "2026-02-23T08:52:03.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.