Axentra Hipserv Multiple Vulnerabilities (CVE-2018-18471)

Information disclosure and command injection vulnerabilities exist in Axentra Hipserv. This is due to an incorrectly configured XML parser accepting XML external entities. A remote unauthenticated attacker may exploit this vulnerability to disclose the contents of files or execute malicious commands on the target machine.

You can read the full article here.