Oracle hyperion planning 11.1.2.3 xml external entity Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2019-07-31 |
Type : webapps |
Platform : multiple
This exploit / vulnerability Oracle hyperion planning 11.1.2.3 xml external entity is for educational purposes only and if it is used you will do on your own risk!
The event.pt1:pt_region0:1:pc2:fvtbl, event.pt1:pt_region0:1:findBtn1 and oracle.adf.view.rich.monitoring.UserActivityInfo parameters are prone to XXE injection. An authenticated attacker could exploit this vulnerability to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution and denial of service attacks.