CVE-2013-4295

Apache Shindig < 2.5.0-update1 - Information Disclosure

Title source: rule

Description

The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kousuke Ebihara · textremotemultiple

https://www.exploit-db.com/exploits/38813

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-10/0104.html

[Patch, Vendor Advisory] http://shindig.apache.org/security.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/63260

Scores

EPSS 0.1701

EPSS Percentile 95.0%

Details

CWE

CWE-200

Status published

Products (2)

apache/shindig 2.5.0

org.apache.shindig/shindig-php 2.5.0-beta1 - 2.5.0-update1Maven

Published Oct 24, 2013

Tracked Since Feb 18, 2026