Netgis
Monthly
Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).
Sensitive file and internal resource disclosure in Netcad Software NetGIS (versions 5.0.66 up to but not including 7.2.2) arises from an XML External Entity (XXE) flaw where the application resolves external entity references in serialized/XML data submitted by clients. Remote attackers can craft malicious XML payloads to read local files, exfiltrate data, or reach internal network resources on the server. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported by Turkey's national CERT (TR-CERT/USOM).