Back to directory
WRITEUP #402

OpenOlat - XML external entity (XXE) injection (CVE-2024-28198)

XXESecurity code review
byMaik
Program
OpenOlat
Published
Mar 12, 2024
Added to HackDex
May 8, 2024
Read Full Writeuphttps://secfault-security.com/blog/openolat-xxe.html
RELATED WRITEUPS
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
IIS welcome page to source code review to LFI!
SSRFLFI
The Hunt for XXE to LFI: How I Uncovered CVE-2019–9670 in a Bug Bounty Program
XXELFI

Built with ❤️ by Shubham Rawat