CVE-2015-0923

Ektron Content Management System 8.5, 8.7 < 8.7sp2, 9.0 < sp1 - XML External Entity Injection via XSLT Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0923. PoCs published by catatonicprime, including Metasploit module exploits/windows/http/ektron_xslt_exec_ws.

AI-analyzed exploit summary This Metasploit module exploits an XSLT transformation vulnerability in Ektron CMS to achieve remote code execution via C# script injection in the ServerControlWS.asmx web service.

Description

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

Exploits (1)

metasploit WORKING POC EXCELLENT
by catatonicprime · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ektron_xslt_exec_ws.rb

This Metasploit module exploits an XSLT transformation vulnerability in Ektron CMS to achieve remote code execution via C# script injection in the ServerControlWS.asmx web service.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ektron CMS 8.5, 8.7 <= sp1, 9.0 < sp1
No auth needed
Prerequisites: Network access to the Ektron CMS web service · Vulnerable Ektron version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/377644

Scores

EPSS 0.2203
EPSS Percentile 97.3%

Details

Status published
Products (3)
ektron/ektron_content_management_system 8.5.0
ektron/ektron_content_management_system 8.7.0 (2 CPE variants)
ektron/ektron_content_management_system 8.9.0
Published Feb 14, 2015
Tracked Since Feb 18, 2026