SecurityExplained/resources/vulnerable-code-16.md at main · harsh-bothra/SecurityExplained · GitHub

SecurityExplained S-28: Vulnerable Code Snippet - 16

Vulnerable Code:

Solution:

The code is vulnerable to XXE attack because the use of the LIBXML_NOENT enables the external entity loading in php8.

Similar Issue: https://blog.sonarsource.com/wordpress-xxe-security-vulnerability

Code Credits: SonarSource

Follow Twitter Thread