CVE-2024-13971
HIGH WAF: High
CVSS 7.5
Published: 2026-04-30
CWE-611
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| lobster-world | lobster_pro | up to 4.12.6-ga |
References
- www.schutzwerk.com (Exploit, Third Party Advisory)
- seclists.org