CVE-2024-45293 | PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0 Excel Parser XmlScanner.php toUtf8 xml external entity reference (GHSA-6hwr-6v2f-3m88)

Posted by Angelo Barbosa | Oct 7, 2024 | CVE

A vulnerability classified as problematic has been found in PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0. Affected is the function toUtf8 of the file src/PhpSpreadsheet/Reader/Security/XmlScanner.php of the component Excel Parser. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2024-45293. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-45293 | PHPOffice PhpSpreadsheet up to 1.29.0/2.1.0 Excel Parser XmlScanner.php toUtf8 xml external entity reference (GHSA-6hwr-6v2f-3m88)

Related Posts

CVE-2024-28813 | Infinera hiT 7300 5.60.50 CT Management Application Privilege Escalation

VDB-278245 | Backdoor.Win32.Delf.yj Service Port 8080 information disclosure

CVE-2024-35735 | CodePeople WP Time Slots Booking Form Plugin up to 1.2.11 on WordPress authorization

CVE-2024-3194 | MailCleaner up to 2023.03.14 Log File Endpoint cross site scripting (MZ-24-01)