{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/vvveb--1.0.8.2/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-41936"}],"_cs_exploited":false,"_cs_products":["Vvveb","Vvveb \u003c 1.0.8.2"],"_cs_severities":["high"],"_cs_tags":["xxe","vulnerability","injection"],"_cs_type":"advisory","_cs_vendors":["Vvveb"],"content_html":"\u003cp\u003eVvveb, a content management system, is susceptible to an XML External Entity (XXE) injection vulnerability (CVE-2026-41936) affecting versions prior to 1.0.8.2. The vulnerability resides in the admin Tools/Import functionality, specifically within the \u003ccode\u003esystem/import/xml.php\u003c/code\u003e file. Authenticated users with site_admin privileges can exploit this flaw to inject malicious XML payloads containing file:// or php://filter entity references. This allows attackers to read arbitrary files from the server, including sensitive configuration files and application source code. Furthermore, successful exploitation can lead to the modification of database records, potentially enabling administrator password hash overwriting for privilege escalation, and gaining complete control over the CMS. This vulnerability poses a significant risk to organizations using Vvveb for managing their websites, as it allows unauthorized access to sensitive data and system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the Vvveb CMS as a site administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the admin Tools/Import section.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious XML file containing an XXE payload with a \u003ccode\u003efile://\u003c/code\u003e or \u003ccode\u003ephp://filter\u003c/code\u003e wrapper.\u003c/li\u003e\n\u003cli\u003eThe malicious XML payload is uploaded through the import feature.\u003c/li\u003e\n\u003cli\u003eThe Vvveb application parses the XML file using the vulnerable \u003ccode\u003esystem/import/xml.php\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eThe XML parser resolves the external entities, reading arbitrary files from the system.\u003c/li\u003e\n\u003cli\u003eThe application then persists the resolved entities into the application database.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages database modification to overwrite the administrator password hash, gaining elevated privileges.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this XXE vulnerability can have severe consequences. An attacker can read sensitive files from the server, potentially exposing confidential data, source code, and API keys. More critically, the ability to modify database records allows for administrator password hash overwriting, leading to complete compromise of the Vvveb CMS. There is no mention of victim count or sector targeting in the source material.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Vvveb to version 1.0.8.2 or later to patch CVE-2026-41936.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect exploitation attempts against the \u003ccode\u003esystem/import/xml.php\u003c/code\u003e endpoint in Vvveb.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization for XML files uploaded through the admin interface to prevent XXE attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T19:16:37Z","date_published":"2026-05-06T19:16:37Z","id":"/briefs/2024-01-vvveb-xxe/","summary":"Vvveb before 1.0.8.2 is vulnerable to XML external entity (XXE) injection in the admin import feature, allowing authenticated site administrators to read arbitrary files and modify database records, potentially leading to privilege escalation.","title":"Vvveb CMS XML External Entity Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-vvveb-xxe/"}],"language":"en","title":"CraftedSignal Threat Feed — Vvveb \u003c 1.0.8.2","version":"https://jsonfeed.org/version/1.1"}