2 matches found
Denial Of Service (DoS)
openpsa/midcom is vulnerable to denial of service (DoS) attacks. The library uses a vulnerable version of PHP and calls the insecure function xml_parse_into_struct. This can allow a malicious user to upload an XML file through the RSS Upload feature to cause a buffer under-read or segmentation fault that c...
Remote Code Execution (RCE)
openpsa/midcom is vulnerable to remote code execution (RCE) attacks. The library does not sanitize the JSON string before deserialization, allowing a malicious user to inject and execute arbitrary code through it...