Full title: Journyx 11.5.4 XML Injection Vulnerability 
Category: web applications
Platform: python
Journyx version 11.5.4 has an issue where the soap_cgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.

# 0day.today @ http://0day.today/