PhpSpreadsheet XmlScanner XXE Vulnerability (DC-pending)

2024-11-19

Platform: PhpSpreadsheet
Version: < 1.29.4, >= 2.0.0 < 2.1.3, >= 2.2.0 < 2.3.2, >= 3.3.0 < 3.4.0
Vulnerability: XXE (XML External Entity)
Severity: High
Date: October 10, 2024

What Undercode Says:

This blog post details a recently discovered XXE vulnerability in PhpSpreadsheet versions prior to 1.29.4, 2.1.3, 2.3.2, and 3.4.0. The vulnerability resides in the `XmlScanner` class’s `findCharSet` method, which is responsible for determining the file’s character encoding. An attacker can exploit this by crafting a specific payload encoded in UTF-7 and appending a specially crafted comment to bypass the sanitization mechanism. This allows for remote code execution on the vulnerable system.

The blog post also outlines steps to create a Proof-of-Concept (PoC) exploit and recommends upgrading to patched versions (1.29.4, 2.1.3, 2.3.2, or 3.4.0) to mitigate the risk.
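The defensive lesson in the summary above is that an entity check which looks at raw bytes can be defeated when the document is not really in the encoding the scanner assumes. The following Python is an added illustration written for this post, not PhpSpreadsheet's own `XmlScanner` code or its patch: it contrasts a naive byte-level check with a hardened one that reads the charset only from the XML declaration at the start of the file, decodes the whole document with that charset (rejecting unknown or undecodable encodings), and only then looks for `<!DOCTYPE` / `<!ENTITY`. The function names and the sample documents are constructed for this example; the UTF-7 sample spells `<` as `+ADw-` and `>` as `+AD4-`, and its only entity is an internal literal string, so it triggers the check without referencing anything external.

```python
import codecs
import re

# Markers whose presence means the document declares a DTD or an entity.
# Any such document is refused outright, the conservative stance against XXE.
ENTITY_MARKERS = ("<!DOCTYPE", "<!ENTITY")

# The encoding is taken only from an XML declaration at the very start of the
# document (where XML requires it), never from an "encoding=" string elsewhere.
_XML_DECL = re.compile(
    r'^\s*<\?xml\s[^>]*?encoding\s*=\s*["\']([A-Za-z0-9._-]+)["\']',
    re.IGNORECASE,
)


def naive_scan(raw: bytes) -> bool:
    """Byte-level check: spots the marker only if its ASCII bytes appear verbatim."""
    upper = raw.upper()
    return any(marker.encode("ascii") in upper for marker in ENTITY_MARKERS)


def find_charset(raw: bytes) -> str:
    """Return the charset declared in the XML prolog, defaulting to UTF-8."""
    # latin-1 is byte-transparent, so the regex sees the raw bytes unchanged.
    head = raw[:2048].decode("latin-1")
    m = _XML_DECL.match(head)
    return m.group(1).upper() if m else "UTF-8"


def hardened_scan(raw: bytes) -> bool:
    """Decode with the declared charset first, then look for entity markers.

    Returns True when the document must be rejected. Unknown or undecodable
    encodings are rejected too, since they cannot be checked reliably.
    """
    try:
        codec = codecs.lookup(find_charset(raw))
    except LookupError:
        return True
    try:
        text = codec.decode(raw, "strict")[0]
    except UnicodeDecodeError:
        return True
    # Comments are deliberately NOT stripped before this check: a marker inside
    # a comment is a harmless false positive, while stripping could hide one.
    upper = text.upper()
    return any(marker in upper for marker in ENTITY_MARKERS)


# --- Constructed sample documents (not taken from any real spreadsheet) ---

# Plain UTF-8 document with a DTD: both checks should flag it.
UTF8_SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<!DOCTYPE x [<!ENTITY e "harmless">]>\n'
    b"<r>&e;</r>\n"
)

# Same structure declared and written in UTF-7, where '<' is "+ADw-" and
# '>' is "+AD4-": the byte-level check never sees "<!DOCTYPE".
UTF7_SAMPLE = (
    b'<?xml version="1.0" encoding="UTF-7"?>\n'
    b'+ADw-!DOCTYPE x [+ADw-!ENTITY e "harmless"+AD4-]+AD4-\n'
    b"+ADw-r/+AD4-\n"
)

# Benign document: neither check should flag it.
BENIGN_SAMPLE = b'<?xml version="1.0" encoding="UTF-8"?>\n<r><c>1</c></r>\n'

# Declares an encoding Python has no codec for: hardened_scan refuses it.
UNKNOWN_CHARSET_SAMPLE = b'<?xml version="1.0" encoding="X-NOT-A-CHARSET"?>\n<r/>\n'


def compare_all() -> dict:
    """Run both scanners over every sample; used for the demonstration below."""
    samples = {
        "utf8": UTF8_SAMPLE,
        "utf7": UTF7_SAMPLE,
        "benign": BENIGN_SAMPLE,
        "unknown": UNKNOWN_CHARSET_SAMPLE,
    }
    return {name: (naive_scan(doc), hardened_scan(doc)) for name, doc in samples.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in compare_all().items():
        print(f"{name:8s} naive={naive!s:5s} hardened={hardened!s:5s}")
```

Running the block prints one line per sample; the interesting row is the UTF-7 document, which the naive scanner passes as clean while the hardened scanner rejects it. The design choice that matters is ordering: decide the charset from the prolog, decode, and only then pattern-match, so the pattern is applied to the same text an XML parser would eventually see.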

References:

Reported By: Github.com