CVE Details
Basic Information
| Title | Fengoffice Feng Office Document Upload ApplicationDataObject.class.php xml external entity reference |
|---|---|
| Type | cve |
| Published | 2025-06-09T12:31:04.643Z |
| Last Seen |
Product Information
| Vendor | Fengoffice |
|---|---|
| Product | Feng Office |
| Version | 3.2.2.1 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | This vulnerability allows remote attackers to exploit an XML external entity reference in the document upload handler of Feng Office, potentially leading to unauthorized file access or server-side request forgery. |
|---|---|
| AI Severity | Medium |
| Vendor | Fengoffice |
| Product | Feng Office |
| Affected Version | 3.2.2.1 |
Affected Products
- Fengoffice Feng Office 3.2.2.1
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-611, CWE-610 |
| Bulletin Family |
References
Description
A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.