E18-0ihn1
CVSS: 7.4 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
False Positive: f
Variants: 1
Year: 2017
Description
This strike exploits an XML external entity (XXE) vulnerability in the Subsonic media server.
The vulnerability is due to improper parsing of the input file when a user imports a new playlist.
By enticing a user to import a specially crafted .xspf file, an attacker could evade firewalls and perform server-side request forgery attacks.