XXE Vulnerability in Ahsay Cloud Backup Suite Allows Arbitrary XML Entity Expansion

XXE Vulnerability in Ahsay Cloud Backup Suite Allows Arbitrary XML Entity Expansion

CVE-2019-10264 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in Ahsay Cloud Backup Suite before 8.1.1.50. With a valid administrator account, the "Move / Import / Export Users" screen has an Import Users option. This option accepts a ZIP archive containing a users.xml file that can trigger XXE.

Learn more about our Cloud Audit.