Description
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Our Team Showcase Cross-Site Request Forgery (1.2)
Moodle Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-5153)
WordPress Plugin Local Market Explorer 'api-key' Parameter Cross-Site Scripting (3.1.1)
MySQL CVE-2020-14725 Vulnerability (CVE-2020-14725)
WordPress Plugin Ultimate Instagram Feed Unspecified Vulnerability (1.3)