XXE vulnerability in OpenCats allows remote file read access via uploaded docx or odt files

XXE vulnerability in OpenCats allows remote file read access via uploaded docx or odt files

CVE-2019-13358 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

Learn more about our User Device Pen Test.