CVE-2019-9757

HIGH NUCLEI

LabKey Server <19.1.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read.

Nuclei Templates (1)

LabKey Server 19.1.0 - XML External Entity (XXE)

HIGHby ritikchaddha

Shodan: title:"LabKey"

FOFA: title="LabKey"

References (2)

[Exploit] https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2019-9757

[Exploit, Third Party Advisory] https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce

Scores

CVSS v3 7.5

EPSS 0.8610

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-611

Status published

Products (1)

labkey/labkey_server 19.1.0

Published Oct 29, 2019

Tracked Since Feb 18, 2026