Vulnerability Details CVE-2024-13971
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-13971
-
cpe:2.3:a:lobster-world:lobster_pro:*