CVE-2022-31447
Description
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.
References
ExploitThird Party Advisory
Vendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
AccessComplexity | LOW |
ConfidentialityImpact | PARTIAL |
AvailabilityImpact | NONE |
IntegrityImpact | NONE |
BaseScore | 5 |
VectorString | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |