Site icon API Security Blog

Journyx 11.5.4 XML Injection Vulnerability

Journyx version 11.5.4 has an issue where the soap_cgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server…Read More

Exit mobile version