PT-2024-40257 · Php · Php

Published

2024-06-07

·

Updated

2024-06-07

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: PHP (affected versions not specified)
Description: Several PHP XML-parsing components built on libxml2, including DOMDocument, SimpleXML and the xml_parse family, are exposed to two classes of attack: XML eXternal Entity (XXE) injection and XML Entity Expansion (XEE). XXE injection works by prepending a DOCTYPE declaration that defines an external entity (for example `<!ENTITY xxe SYSTEM "file:///etc/passwd">`) to an XML document or string; when the parser substitutes entities, the application is coerced into reading arbitrary local files and/or opening outbound TCP connections (SSRF), with the fetched content placed wherever the entity is referenced. XEE vectors (the "billion laughs" pattern) place entity definitions with deeply nested or self-referencing entity references in the DOCTYPE so that a few kilobytes of input expand to gigabytes during parsing, exhausting CPU and memory and producing a denial of service. In PHP the decisive factor is the parser options the application passes: external entities are resolved only when entity substitution is requested (LIBXML_NOENT) or DTD loading is enabled (LIBXML_DTDLOAD), and libxml2's built-in entity-expansion limits are lifted only with LIBXML_PARSEHUGE. Code that parses untrusted XML with those options set is exploitable; code that parses with the defaults on libxml2 2.9.0 or later is not, because that release disabled external entity loading by default.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Treat the exposure as a configuration issue in application code: never pass LIBXML_NOENT or LIBXML_DTDLOAD when parsing untrusted XML with DOMDocument::loadXML(), DOMDocument::load() or simplexml_load_string()/simplexml_load_file(); do not set LIBXML_PARSEHUGE, which removes libxml2's entity-expansion limits; reject any document that contains a DOCTYPE before it reaches the parser; keep libxml2 at 2.9.0 or later; and on PHP versions below 8.0 call libxml_disable_entity_loader(true) at startup (the function is deprecated from PHP 8.0 because the libxml2 default already disables loading).
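The following is an added example, not code from the advisory or from the PHP project. It shows the DOCTYPE-based payload shapes the description refers to (both constructed here for illustration), the loader pattern that makes them exploitable (entity substitution via LIBXML_NOENT), and a hardened loader that refuses DTDs before and after parsing. Function names and the sample payloads are assumptions of this example.

```php
<?php
// Added example for the PT-2024-40257 entry; not part of the advisory or of PHP.

// Constructed XXE payload: an external entity pointing at a local file.
$xxePayload = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY xxe SYSTEM "file:///etc/hostname">
]>
<root><name>&xxe;</name></root>
XML;

// Constructed XEE payload ("billion laughs" shape, kept small): each
// entity references the previous one ten times, so &d; expands to 1000 x 64 bytes.
$xeePayload = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY a "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  <!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
]>
<root>&d;</root>
XML;

// Constructed benign document, to show the hardened loader still accepts normal input.
$benign = '<?xml version="1.0"?><root><name>ok</name></root>';

// VULNERABLE pattern: LIBXML_NOENT asks libxml2 to substitute entities, which is
// what makes the external entity resolve (XXE) and the nested entities expand (XEE).
// simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NOENT) is the same mistake.
function parseVulnerable(string $xml): ?DOMDocument
{
    $doc = new DOMDocument();
    return $doc->loadXML($xml, LIBXML_NOENT | LIBXML_DTDLOAD) ? $doc : null;
}

// HARDENED pattern: refuse DTDs, parse without entity substitution or network access,
// and keep libxml error reporting internal so a malicious document cannot spray warnings.
function parseHardened(string $xml): DOMDocument
{
    // Cheap pre-check: a DOCTYPE is the precondition for both attack classes.
    // (DOCTYPE is case-sensitive in XML, so an exact match is sufficient.)
    if (str_contains($xml, '<!DOCTYPE')) {
        throw new InvalidArgumentException('DTDs are not accepted');
    }

    $previous = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument();
        // LIBXML_NONET forbids network access during parsing.
        // Deliberately NOT passing LIBXML_NOENT, LIBXML_DTDLOAD or LIBXML_PARSEHUGE.
        if ($doc->loadXML($xml, LIBXML_NONET) !== true) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Second check after parsing: catches a DOCTYPE the byte-level search
        // missed, e.g. in a payload encoded as UTF-16 rather than UTF-8.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DTDs are not accepted');
        }
        return $doc;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

foreach (['xxe' => $xxePayload, 'xee' => $xeePayload, 'benign' => $benign] as $label => $payload) {
    try {
        $doc = parseHardened($payload);
        echo "$label: accepted, root element <{$doc->documentElement->tagName}>\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Running this rejects the two constructed payloads and accepts the benign document. The post-parse `$doc->doctype` check matters because the string search operates on bytes: an attacker who submits the same DOCTYPE in UTF-16 bypasses the search but not libxml2, which records the document type node either way. Replacing `parseHardened` with `parseVulnerable` on a host where external entity loading is active is exactly the file-read condition the description covers, so the vulnerable function is included only to make the offending options visible.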

XML Entity Expansion

XXE

Weakness Enumeration

Related Identifiers

GHSA-F4FJ-Q6M4-CC52

Affected Products

Php