Analysis Of Xxe 0days In Phpspreadsheet

In this article, we’ll walk you through, step by step, how we managed to uncover two 0day vulnerabilities that enabled an XXE attack, circumventing both the library’s built-in protections and the subsequent patches deployed by its developers.

link: Analysis of XXE 0days in PHPSpreadsheet < 3.4.0 – Unlock Security