NOTICE

Some features on this website won't work without JavaScript such as theme toggle, search bar, and copy article.

Maltego XML External Entity Injection

MEDIUM CVE-2020-35707 August 27, 2020

Dominik Penner @zer0pwn

DESCRIPTION

A vulnerability in Maltego allows XML external entity injection attacks through malformed input.

DETAILS

Maltego contains an XML external entity (XXE) injection vulnerability that could allow an attacker to read arbitrary files on the system, conduct server-side request forgery (SSRF) attacks, or cause denial of service.

AFFECTING

Maltego • 4.2.12

REFERENCES

https://maltego.com/blog/security-advisory-cve-2020-35707/