header-logo
Suggest Exploit
vendor:
Prizm Content Connect
by:
@xhzeem
N/A
CVSS
N/A
XXE
611
CWE
Product Name: Prizm Content Connect
Affected Version From: v10.5.1030.8315
Affected Version To: v10.5.1030.8315
Patch Exists: Unknown
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2022

Prizm Content Connect v10.5.1030.8315 – XXE

The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE. Proof Of Concept: http://www.example.com/default.aspx?document=file.xml The file.xml can have an OoB XXE payload or any other blind XXE exploit.

Mitigation:

Ensure that XML parsers are configured to disable external entity references and DTDs.
Source

Exploit-DB raw data:

# Exploit Title: Prizm Content Connect v10.5.1030.8315 - XXE
# Date: 21/12/2022
# Exploit Author: @xhzeem
# Vendor Homepage:
https://help.accusoft.com/PCC/v9.0/HTML/About%20Prizm%20Content%20Connect.html
# Version: v10.5.1030.8315

The Prizm Content Connect v10.5.1030.8315 is vulnerable to XXE

Proof Of Concept:

http://www.example.com/default.aspx?document=file.xml

The file.xml can have an OoB XXE payload or any other blind XXE exploit.