Vulnerability Details CVE-2018-19277
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://github.com/MewesK/TwigSpreadsheetBundle/issues/18
- https://github.com/PHPOffice/PhpSpreadsheet/issues/771
- https://www.bishopfox.com/news/2018/11/phpoffice-versions/
- https://www.drupal.org/sa-contrib-2021-043
- https://github.com/MewesK/TwigSpreadsheetBundle/issues/18
- https://github.com/PHPOffice/PhpSpreadsheet/issues/771
- https://www.bishopfox.com/news/2018/11/phpoffice-versions/
- https://www.drupal.org/sa-contrib-2021-043
Products affected by CVE-2018-19277
-
cpe:2.3:a:phpoffice:phpspreadsheet:-
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.0.0
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.1.0
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.2.0
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.2.1
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.3.0
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.3.1
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.4.0
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.4.1
-
cpe:2.3:a:phpoffice:phpspreadsheet:1.5.0