Description
getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0704)
WordPress Other Vulnerability (CVE-2007-3543)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7913)
ProjectSend Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-7201)