CVE-2022-47514

Published
View on NVD ↗
CVSS v3
8.8
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

An XML external entity (XXE) injection vulnerability in XML-RPC.NET before 2.5.0 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, as demonstrated by a pingback.aspx POST request.

jumpycastle/xmlrpc.net-poc
jumpycastle/xmlrpc.net-poc
Proof of Concept (PoC) for CookComputing XML-RPC.NET XXE <2.5.0
GitHubGitHub