daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2013/CVE-2013-7285.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 15:45:23 -04:00
parent 351deb95fd
commit 71a803e856
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2013/CVE-2013-7285.yaml
View File

@ -5,7 +5,7 @@ info:
author: pwnhxl
severity: critical
description: |
Xstream API before 1.4.6 and version 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- http://x-stream.github.io/CVE-2013-7285.html
- https://x-stream.github.io/CVE-2013-7285.html