VYPR

Packagist (Composer) package

devgroup/dotplant

pkg:composer/devgroup/dotplant

Vulnerabilities (1)

  • CVE-2020-25750Sep 18, 2020
    affected < 2020-09-14fixed 2020-09-14

    An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerabilit