XXE vulnerability
When user POST the XML formats parameter to CodeIgniter Rest Server, the parameter is not properly sanitized before being used in a call to the simplexml_load_string() function. This can be exploited to carry out XML External Entity attacks.