XML External Entity (XXE) Vulnerability in urule v2.1.7 Allows Arbitrary Code Execution via Crafted XML File Upload

XML External Entity (XXE) Vulnerability in urule v2.1.7 Allows Arbitrary Code Execution via Crafted XML File Upload

CVE-2023-24189 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile.

Learn more about our External Network Penetration Testing.