CVE-2019-13358

CVSS v3: 7.5 (HIGH)
CVSS v2: 5 (MEDIUM)
Affected: 1 project

Description

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

Open-source applicant tracking system (ATS) and recruitment CRM for staffing agencies and hiring teams.