Description
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Igor Bulatenko · textremotemultiple
https://www.exploit-db.com/exploits/38805
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55377
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/303900
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/63193
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88105
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/38805/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029208
Scores
EPSS
0.0846
EPSS Percentile
92.4%
Details
CWE
CWE-94
Status
published
Products (1)
sybase/adaptive_server_enterprise
15.7
Published
Oct 19, 2013
Tracked Since
Feb 18, 2026