CVE-2020-37192 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. A…
Medium CVSS: 6.7

CVE-2020-37192

MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
Vendor
-
Product
-
CWE
CWE-611
Yayın Tarihi
2026-02-11 21:16:13
Güncelleme
2026-02-12 15:10:37
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-611 MEDIUM 2026

Referanslar

https://www.exploit-db.com/exploits/47896 https://www.top-password.com/ https://www.vulncheck.com/advisories/msn-password-recovery-xml-external-entity-injection