CVE-2018-1000542
HIGHnetbeans-mmd-plugin <=1.4.3 - SSRF/Info Disclosure/RCE
Title source: llmDescription
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/raydac/netbeans-mmd-plugin/issues/45
Exploit, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
Scores
CVSS v3
7.8
EPSS
0.0135
EPSS Percentile
80.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (1)
netbeans-mmd-plugin_project/netbeans-mmd-plugin
1.4.3
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026