High severity · NVD Advisory · Published Sep 18, 2020 · Updated Aug 4, 2024
CVE-2020-25750
Description
An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is passed to simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| devgroup/dotplant (Packagist) | < 2020-09-14 | 2020-09-14 |
Affected products
- DotPlant2/DotPlant2
References
- github.com/advisories/GHSA-c49v-35ff-q9f7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-25750 (ghsa, ADVISORY)
- github.com/DevGroup-ru/dotplant2/commit/fee86c7052c227762c7325eb5c2811d9323f8429 (ghsa, WEB)
- github.com/DevGroup-ru/dotplant2/issues/400 (ghsa, x_refsource_MISC, WEB)