Skip to main content

Phpspreadsheet CVE-2018-19277

HIGH
XML Injection (aka Blind XPath Injection) (CWE-91)
2018-11-14 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 14, 2018 - 11:29 nvd
HIGH 8.8

DescriptionNVD

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

AnalysisAI

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-91. securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file Affected products include: Phpoffice Phpspreadsheet. Version information: through 1.5.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-45291 HIGH POC
8.8 Oct 07

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 8.8), this vul

CVE-2019-12331 HIGH POC
8.8 Nov 07

PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2024-48917 HIGH POC
7.5 Nov 18

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vulnerab

CVE-2024-47873 HIGH POC
7.5 Nov 18

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vulnerab

CVE-2024-45290 HIGH POC
7.5 Oct 07

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vul

CVE-2024-45293 HIGH POC
7.5 Oct 07

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated high severity (CVSS 7.5), this vul

CVE-2024-45048 MEDIUM POC
6.5 Aug 28

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.5), this v

CVE-2020-7776 MEDIUM POC
6.4 Dec 09

This affects the package phpoffice/phpspreadsheet from 0.0.0. Rated medium severity (CVSS 6.4), this vulnerability is re

CVE-2024-45060 MEDIUM POC
6.1 Oct 07

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 6.1), this v

CVE-2024-45292 MEDIUM POC
5.4 Oct 07

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this v

CVE-2024-45046 MEDIUM POC
5.4 Aug 28

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.4), this v

CVE-2025-22131 MEDIUM POC
5.1 Jan 20

PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Rated medium severity (CVSS 5.1), this vulner

Share

CVE-2018-19277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy