Vulnerabilities > CVE-2018-18737 - XXE vulnerability in Douchat 4.0.4

Summary

An XXE issue was discovered in Douchat 4.0.4 because Data\notify.php calls simplexml_load_string. This can also be used for SSRF.

Vulnerable Configurations

Common Weakness Enumeration (CWE)

• CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References