Tag

Phpspreadsheet

3 briefs RSS

PhpSpreadsheet SSRF and RCE Vulnerability via IOFactory::load

PhpSpreadsheet is vulnerable to Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE) due to improper validation of filenames in the IOFactory::load function, exploitable via PHP wrappers like `phar://` and `ftp://`.

PhpSpreadsheet ssrf rce php deserialization

2r 2t Jan 30, 2024

medium advisory

PhpSpreadsheet XML Reader Denial of Service via Unbounded Row Index

2 rules 1 TTP

PhpSpreadsheet is vulnerable to a denial-of-service attack by crafting a SpreadsheetML XML file with an excessively large row index, which exhausts server CPU resources due to unbounded iteration.

PhpSpreadsheet denial-of-service xml

2r 1t Jan 9, 2024

medium advisory

PhpSpreadsheet CPU Denial of Service via Unbounded Row Number

2 rules 1 TTP

A vulnerability in PhpSpreadsheet exists where a crafted XLSX file containing a large row number can cause excessive CPU consumption due to unbounded loop iterations, leading to a denial of service.

PhpSpreadsheet denial-of-service xlsx php

2r 1t Jan 3, 2024