PhilGale92 / docx

PHP Based Docx Parser
MIT License

Script vulnerable to XXE. #43

Closed nahamsec closed 9 years ago

nahamsec commented 9 years ago

Hello, we have come across this script and, after an audit, we have confirmed that it's vulnerable to an XXE (https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing).
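For readers of this issue, here is an added example of what closing the XXE class looks like when a PHP parser pulls `word/document.xml` out of a .docx. It is not code from the docx project or from any participant in this thread; the function names, the constructed sample XML parts and the placeholder `file:///path/to/local/file` identifier are all assumptions made for the illustration. The idea is twofold: never pass flags that expand entities or load DTDs, and reject any part that carries a DOCTYPE at all, since OOXML parts never legitimately have one.

```php
<?php
// Added example (not the docx project's code): hardened loading of the
// word/document.xml part of a .docx so that DOCTYPE/ENTITY payloads are refused.

declare(strict_types=1);

/**
 * Parse one XML part of a .docx into a DOMDocument without resolving external
 * entities. Throws on a DOCTYPE because OOXML parts never need one.
 */
function loadDocxPartSafely(string $xml): DOMDocument
{
    // PHP < 8.0: external entity loading must be switched off explicitly.
    // From PHP 8.0 (libxml >= 2.9) it is off by default and the call is deprecated.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);

    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access while parsing.
    // Deliberately NOT passing LIBXML_NOENT or LIBXML_DTDLOAD: those would
    // expand entities / fetch the DTD and re-open the XXE vector.
    $ok = $dom->loadXML($xml, LIBXML_NONET | LIBXML_NOCDATA);
    $errors = libxml_get_errors();
    libxml_clear_errors();

    if ($ok === false) {
        $msg = isset($errors[0]) ? trim($errors[0]->message) : 'unknown error';
        throw new RuntimeException('Malformed XML part: ' . $msg);
    }
    // A DOCTYPE is never legitimate in OOXML; its presence is the tell.
    if ($dom->doctype !== null) {
        throw new RuntimeException('Rejected XML part: DOCTYPE declarations are not allowed');
    }
    return $dom;
}

/** Open a .docx (a zip archive) and return the hardened DOM of its main part. */
function loadDocxDocument(string $path): DOMDocument
{
    $zip = new ZipArchive();
    if ($zip->open($path) !== true) {
        throw new RuntimeException("Cannot open $path as a zip archive");
    }
    $xml = $zip->getFromName('word/document.xml');
    $zip->close();
    if ($xml === false) {
        throw new RuntimeException('word/document.xml missing from archive');
    }
    return loadDocxPartSafely($xml);
}

const W_NS = 'http://schemas.openxmlformats.org/wordprocessingml/2006/main';

// Constructed sample: the shape of a part that declares an external entity.
// The placeholder path is not a real target; the loader refuses it at the DOCTYPE check.
$probe = <<<XML
<?xml version="1.0"?>
<!DOCTYPE w:document [ <!ENTITY ext SYSTEM "file:///path/to/local/file"> ]>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:body><w:p><w:r><w:t>&ext;</w:t></w:r></w:p></w:body>
</w:document>
XML;

try {
    loadDocxPartSafely($probe);
    echo "unexpected: probe accepted\n";
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}

// Constructed benign sample: what a real document.xml looks like; this one parses.
$benign = <<<XML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:body><w:p><w:r><w:t>Hello</w:t></w:r></w:p></w:body>
</w:document>
XML;

$dom  = loadDocxPartSafely($benign);
$text = $dom->getElementsByTagNameNS(W_NS, 't')->item(0)->textContent;
echo 'first run text: ', $text, "\n";
```

Run it with `php example.php`; the first call is refused with the DOCTYPE message and the second prints `Hello`. Because docx parts are namespaced, the lookup uses `getElementsByTagNameNS` rather than relying on prefix handling. The DOCTYPE rejection is the check worth keeping even on PHP 8, where entity loading is already off by default: it makes the policy explicit instead of depending on a library default.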

razuro commented 9 years ago

Quick response. Cool.

PhilGale92 commented 9 years ago

Cheers for notifying me on this - I didn't even know about XXE before so it's nice to learn something new!

I would have to add that this script was made only to be run by trusted users (as with any/most file-upload related scripts).

nahamsec commented 9 years ago

Good job on the quick fix :+1:! OWASP has really good resources for webapp security. We came across your script and figured it wouldn't hurt much to let you know there's a vulnerability there.