Description
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Exploits (1)
exploitdb
WRITEUP
by Ahmed Elhady Mohamed · textwebappsxml
https://www.exploit-db.com/exploits/46000
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/46000/
Scores
CVSS v3
6.5
EPSS
0.0579
EPSS Percentile
90.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
sdl/web_content_manager
8.5.0
Published
Jan 02, 2019
Tracked Since
Feb 18, 2026