CVE-2024-2826

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.

Related Vulnerabilities

CVE-2017-18438

MEDIUM
CVSS:6.3(Medium)

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

CWE-6112017

CVE-2023-49234

MEDIUM
CVSS:6.3(Medium)

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.

CWE-6112023

CVE-2024-49535

MEDIUM
CVSS:6.3(Medium)

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability ...

CWE-6112024

CVE-2015-7968

MEDIUM
CVSS:6.4(Medium)

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

CWE-6112015

CVE-2017-16349

MEDIUM
CVSS:6.4(Medium)

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in infor...

CWE-6112017