CVE-2015-3907: XXE vulnerability

July 3, 2019 (updated July 11, 2019)

When user POST the XML formats parameter to CodeIgniter Rest Server, the parameter is not properly sanitized before being used in a call to the simplexml_load_string() function. This can be exploited to carry out XML External Entity attacks.

References

kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907
nvd.nist.gov/vuln/detail/CVE-2015-3907

Detect and mitigate CVE-2015-3907 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →