CVE-2024-50848

MEDIUM

WorldServer 11.8.2 - XML External Entity Injection via Crafted TMX File

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-50848. PoCs published by 1mhr4b.

AI-analyzed exploit summary: This repository contains a writeup describing an XXE vulnerability in WorldServer v11.8.2, where a crafted .tmx file can be used to access sensitive system information. The vulnerability requires authentication and leverages the Import object and Translation Memory import functionalities.

Description

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 allows attackers to access sensitive information and execute arbitrary commands by supplying a crafted .tmx file.

Exploits (1)

nomisec WRITEUP
by 1mhr4b · poc
https://github.com/1mhr4b/CVE-2024-50848

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: WorldServer v11.8.2
Auth required
Prerequisites: Authenticated access to WorldServer · Ability to upload a crafted .tmx file
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0115
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-611
Status published
Products (1)
rws/worldserver 11.8.2
Published Nov 18, 2024
Tracked Since Feb 18, 2026