CVE-2018-1000542
HIGHnetbeans-mmd-plugin <=1.4.3 - SSRF/Info Disclosure/RCE
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-1000542. PoCs published by forse01.
AI-analyzed exploit summary The repository contains only a README.md file with minimal information about CVE-2018-1000542, lacking any exploit code or technical details.
Description
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
Exploits (1)
nomisec
STUB
by forse01 · poc
https://github.com/forse01/CVE-2018-1000542-NetBeans
The repository contains only a README.md file with minimal information about CVE-2018-1000542, lacking any exploit code or technical details.
Classification
Stub 10%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
NetBeans (version unspecified)
No auth needed
Prerequisites:
none
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/raydac/netbeans-mmd-plugin/issues/45
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
Scores
CVSS v3
7.8
EPSS
0.0273
EPSS Percentile
84.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
netbeans-mmd-plugin_project/netbeans-mmd-plugin
1.4.3
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026