Name of the Vulnerable Software and Affected Versions Zend XmlRpc (affected versions not specified)

Description The issue concerns XML eXternal Entity (XXE) Injection attacks. It arises from the insecure use of the SimpleXMLElement class in the SimpleXML PHP extension for parsing XML data. An attacker can exploit this by adding a specific DOCTYPE element to XML-RPC requests, allowing them to specify external entities. This can coerce an application into opening arbitrary files and/or establishing TCP connections.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.