7.5

CVE-2014-2054

EPSS 0.54%
Veröffentlicht 04.06.2014 14:55:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Advanced Contact form 7 DB <= 2.0.8 & Import any XML, CSV or Excel File to WordPress <= 3.8.0 - Use of Vulnerable Component (PHPExcel)

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Mögliche Gegenmaßnahme

Advanced Contact form 7 DB: Update to version 2.0.9, or a newer patched version

Import any XML, CSV or Excel File to WordPress: Update to version 3.9.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Advanced Contact form 7 DB

Version * - 2.0.8

SystemWordPress Plugin

≫

Produkt Import any XML, CSV or Excel File to WordPress

Version * - 3.8.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Owncloud ≫ Owncloud Server Version6.0.0

Owncloud ≫ Owncloud Server Version6.0.1

Phpexcel Project ≫ Phpexcel Version <= 1.7.9

Owncloud ≫ Owncloud Server Updatea Version <= 5.0.14

Owncloud ≫ Owncloud Server Version5.0.0

Owncloud ≫ Owncloud Server Version5.0.1

Owncloud ≫ Owncloud Server Version5.0.2

Owncloud ≫ Owncloud Server Version5.0.3

Owncloud ≫ Owncloud Server Version5.0.4

Owncloud ≫ Owncloud Server Version5.0.5

Owncloud ≫ Owncloud Server Version5.0.6

Owncloud ≫ Owncloud Server Version5.0.7

Owncloud ≫ Owncloud Server Version5.0.8

Owncloud ≫ Owncloud Server Version5.0.9

Owncloud ≫ Owncloud Server Version5.0.10

Owncloud ≫ Owncloud Server Version5.0.11

Owncloud ≫ Owncloud Server Version5.0.12

Owncloud ≫ Owncloud Server Version5.0.13

Owncloud ≫ Owncloud Server Version5.0.14

Phpexcel Project ≫ Phpexcel Version <= 1.7.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.648

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://owncloud.org/about/security/advisories/oC-SA-2014-006/

Vendor Advisory

https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt

https://www.wordfence.com/threat-intel/vulnerabilities/id/d88a5dfc-4654-4299-b5a5-2a48b3823e37

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-2054

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2054

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2054

EUVD