XML External Entity (XXE) Vulnerability in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1, and 6.5 Allows Disclosure of Server File Contents
CVE-2018-8819 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header.
Learn more about our Web App Pen Testing.