CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.
github.com/chriskacerguis/codeigniter-restserver
github.com/chriskacerguis/codeigniter-restserver/commit/852740e7c636e4f44b3a8e3afc15155795e22c9b
github.com/chriskacerguis/codeigniter-restserver/issues/461
kb.hitcon.org/post/127839729207/codeigniter-rest-server-module-xxe-cve-2015-3907
nvd.nist.gov/vuln/detail/CVE-2015-3907