PT-2024-40427 · Php · Php

Published 2024-06-07 · Updated 2024-06-07

CVSS v3.1 9.8 Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PHP (affected versions not specified)
Description The issue concerns numerous components that use PHP's DOMDocument, SimpleXML, and XML parser (xml_parse) functionality. These components are vulnerable to two classes of attack: XML External Entity (XXE) injection and XML Entity Expansion (XEE). An XXE injection is carried out by adding a DOCTYPE declaration to an XML document or string that defines external entities; when the parser resolves them, the application can be coerced into opening arbitrary files and/or establishing outbound TCP connections. XEE vectors lead to denial of service: when the DOCTYPE declaration contains entity definitions with recursive or circular references, expanding them consumes CPU and memory.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
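Since the record names no fixed version, the practical mitigation is on the application side: never let untrusted XML reach DOMDocument or SimpleXML with entity substitution enabled, and reject any document that carries a DOCTYPE at all, because the DOCTYPE is the only place where both external entities (XXE) and recursive entity definitions (XEE) can be declared. The following is an added example written for this page; it is not code from the PT-2024-40427 record or from the PHP project. It assumes PHP 7.4 or later (arrow functions), uses only the libxml and DOM functions documented in the PHP manual, and the function names (containsDoctype, parseXmlSafely, loadSimpleXmlSafely) and the three sample documents are hypothetical and constructed for the demonstration.

```php
<?php
// Added defensive example for the PT-2024-40427 description; not code from the record
// or from the PHP project. Function names are hypothetical, sample documents constructed.
declare(strict_types=1);

/**
 * True when the raw document carries a DOCTYPE declaration.
 * Without a DOCTYPE there is nowhere to declare entities, so neither external
 * entities (XXE) nor recursive/circular entity definitions (XEE) can be introduced.
 * A DOCTYPE inside a comment or CDATA section also trips this check; that false
 * positive fails closed, which is the safe direction for untrusted input.
 */
function containsDoctype(string $xml): bool
{
    return stripos($xml, '<!DOCTYPE') !== false;
}

/**
 * Parse untrusted XML into a DOMDocument with entity handling switched off.
 */
function parseXmlSafely(string $xml): DOMDocument
{
    if (containsDoctype($xml)) {
        throw new InvalidArgumentException('XML with a DOCTYPE declaration is rejected');
    }

    // Belt and braces: even if a DOCTYPE slipped through, never resolve external entities.
    libxml_set_external_entity_loader(static fn ($public, $system, $context) => null);
    $previousErrorMode = libxml_use_internal_errors(true);

    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network access during parsing.
        // LIBXML_NOENT (entity substitution) and LIBXML_DTDLOAD (external DTD loading)
        // are deliberately absent: those flags are what turn a DOCTYPE into an XXE vector.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            $error = libxml_get_last_error();
            $detail = $error !== false ? trim($error->message) : 'unknown error';
            throw new RuntimeException('XML parse failed: ' . $detail);
        }
        return $dom;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrorMode);
        libxml_set_external_entity_loader(null); // restore libxml's default loader
    }
}

/**
 * The same policy for SimpleXML callers.
 */
function loadSimpleXmlSafely(string $xml): SimpleXMLElement
{
    if (containsDoctype($xml)) {
        throw new InvalidArgumentException('XML with a DOCTYPE declaration is rejected');
    }
    $previousErrorMode = libxml_use_internal_errors(true);
    try {
        $element = simplexml_load_string($xml, SimpleXMLElement::class, LIBXML_NONET);
        if ($element === false) {
            throw new RuntimeException('XML parse failed');
        }
        return $element;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrorMode);
    }
}

// Constructed sample: the DOCTYPE-with-external-entity shape the description refers to.
$sampleXxe = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY ext SYSTEM "file:///placeholder/path"> ]>
<data>&ext;</data>
XML;

// Constructed sample: entity definitions that reference each other (the XEE shape).
$sampleXee = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE data [ <!ENTITY a "&b;"> <!ENTITY b "&a;"> ]>
<data>&a;</data>
XML;

// Constructed sample: an ordinary document with no DOCTYPE.
$sampleSafe = <<<'XML'
<?xml version="1.0"?>
<data><item id="1">hello</item></data>
XML;

foreach (['xxe' => $sampleXxe, 'xee' => $sampleXee, 'safe' => $sampleSafe] as $label => $doc) {
    try {
        $dom = parseXmlSafely($doc);
        echo "$label: parsed, root element <{$dom->documentElement->tagName}>\n";
    } catch (InvalidArgumentException | RuntimeException $e) {
        echo "$label: blocked ({$e->getMessage()})\n";
    }
}
```

Rejecting every DOCTYPE is a policy choice that suits applications which never need DTDs, which covers most services consuming XML over the network; if DTD validation is genuinely required, the external entity loader override and the absence of LIBXML_NOENT and LIBXML_DTDLOAD are the parts to keep. Note that libxml_set_external_entity_loader returns a bool rather than the previous loader, so the example restores the default by passing null rather than by saving the old callback.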

XML Entity Expansion

XXE

Weakness Enumeration

Related Identifiers

GHSA-QC7W-4567-84WV

Affected Products

Php