XXE vulnerability in OpenCats allows remote file read access via uploaded docx or odt files
CVE-2019-13358 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.
Learn more about our User Device Pen Test.