CVE-2018-1000540
HIGHLoboEvolution < 9b75694cedfa4825d4a2330abf2719d470c654cd - SSRF
Title source: llmDescription
LoboEvolution version < 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity (XXE) vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted XML file.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/oswetto/LoboEvolution/issues/38
Scores
CVSS v3
7.8
EPSS
0.0122
EPSS Percentile
64.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
loboevolution_project/loboevolution
< 0.99.3
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026