Michael Mraka

1 exploit Active since Feb 2020
CVE-2020-1693 WRITEUP HIGH WRITEUP
Spacewalk < 2.9 - Unauthenticated XML External Entity Injection via /rpc/api Endpoint
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
CVSS 8.6