CVE-2018-16252
LOWFsPro Labs Event Log Explorer 4.6.1.2115 - XML External Entity Injection via .elx File
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-16252. PoCs published by hyp3rlinx.
AI-analyzed exploit summary This exploit demonstrates an XML External Entity (XXE) injection vulnerability in FsPro Labs Event Log Explorer v4.6.1.2115. By crafting a malicious .ELX file, an attacker can read local files from the target system.
Description
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
Exploits (1)
exploitdb
WORKING POC
by hyp3rlinx · textwebappswindows
https://www.exploit-db.com/exploits/45319
This exploit demonstrates an XML External Entity (XXE) injection vulnerability in FsPro Labs Event Log Explorer v4.6.1.2115. By crafting a malicious .ELX file, an attacker can read local files from the target system.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
FsPro Labs Event Log Explorer v4.6.1.2115
No auth needed
Prerequisites:
Attacker must convince the victim to open the malicious .ELX file
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45319/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html
Scores
CVSS v3
3.3
EPSS
0.0250
EPSS Percentile
82.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
fspro/event_log_explorer
4.6.1.2115
Published
Sep 05, 2018
Tracked Since
Feb 18, 2026