A security researcher has published a PoC exploit code for a vulnerability in Microsoft SharePoint Server.
The vulnerability tracked as CVE-2024-30043 exists in the Microsoft SharePoint Server due to the improper handling of XML External Entity (XXE) references within the BaseXmlDataSource class. By exploiting this flaw, remote attackers can craft documents that cause the XML parser to access external URIs and embed their contents into the XML document for further processing.
Microsoft addressed this vulnerability in its May 2024 Patch Tuesday update. The patch introduces stricter URL parsing controls for SPXmlDataSource and prohibits DTD usage in the XmlTextReader object to mitigate the risk of XXE attacks.
W01fh4cker, a security researcher, released a PoC exploit code to demonstrate how the CVE-2024-30043 vulnerability could be exploited. The exploit code effectively highlights the risks and potential damage this vulnerability can cause if left unpatched.
It is recommended to ensure that the vulnerable sharepoint instances installed the May 2024 security update to protect systems from this vulnerability.
