VDB

CVE-2015-0923

CVE-2015-0923 PUBLISHED CVSS 5 MEDIUM

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

EPSS 77.78% · 99.0th percentile

Risk Scores

CVSS 2.0
5
EPSS Score
77.78%
99.0th percentile

Affected Products

VendorProductVersions
ektronektron_content_management_system8.5.0, 8.7.0, 8.7.0
n/an/an/a

Timeline

  • Feb 14, 2015 CVE Published
  • Mar 4, 2017 PoC Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jun 19, 2023 EPSS Score
  • Sep 8, 2023 EPSS Score
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 21, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›