ID CVE-2017-8918
Summary XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
References
Vulnerable Configurations
  • cpe:2.3:a:blackwave:dive_assistant:8.0:-:-:-:desktop
    cpe:2.3:a:blackwave:dive_assistant:8.0:-:-:-:desktop
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-611
CAPEC
exploit-db via4
id EDB-ID:42000
last seen 2018-11-30
modified 2017-05-12
published 2017-05-12
reporter Exploit-DB
source https://www.exploit-db.com/download/42000
title Dive Assistant Template Builder 8.0 - XML External Entity Injection
refmap via4
misc https://thenopsled.com/Exploit-DB%20Writeup.txt
Last major update 12-09-2017 - 14:29
Published 12-09-2017 - 14:29
Last modified 21-09-2017 - 14:46
Back to Top