CVE-2018-19371

MEDIUM

SDL Web Content Manager 8.5.0 - XML External Entity Injection via SaveUserSettings Service

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-19371. PoCs published by Ahmed Elhady Mohamed.

AI-analyzed exploit summary: This is a writeup describing an XXE vulnerability in SDL Web Content Manager 8.5.0. It outlines steps to exploit the vulnerability via the SaveUserSettings web service, which processes XML input and is susceptible to external entity injection.

Description

The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE vulnerability that allows reading sensitive files from the system.

Exploits (1)

exploitdb WRITEUP
by Ahmed Elhady Mohamed · text · webapps · xml
https://www.exploit-db.com/exploits/46000


Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: SDL Web Content Manager 8.5.0
Auth required
Prerequisites: Access to a user account · Ability to intercept and modify HTTP requests · Attacker-controlled server to host malicious DTD
devstral-2 · analyzed Feb 16, 2026

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46000/

Scores

CVSS v3 6.5
EPSS 0.0602
EPSS Percentile 92.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-611
Status published
Products (1)
sdl/web_content_manager 8.5.0
Published Jan 02, 2019
Tracked Since Feb 18, 2026