A newly uncovered XML External Entity (XXE) injection vulnerability in PHP has demonstrated how attackers can bypass multiple security mechanisms to access sensitive configuration files and private keys.
The vulnerability, detailed by web application security researcher Aleksandr Zhurnakov, highlights the risks posed by improper XML parsing configurations, even in seemingly secure implementations.
https://gbhackers.com/php-xxe-injection ... attackers/