XXE Vulnerability in Pepperminty-Wiki v0.15: Denial of Service and Remote Code Execution

XXE Vulnerability in Pepperminty-Wiki v0.15: Denial of Service and Remote Code Execution

CVE-2017-1000497 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution

Learn more about our Web Application Penetration Testing UK.