symphonycms
XXE Vulnerability
https://github.com/symphonycms/symphonycms/blob/master/symphony/lib/toolkit/class.xmlelement.php
public static function convertFromXMLString($root_element, $xml)
{
    $doc = new DOMDocument('1.0', 'utf-8');
    $doc->loadXML($xml);
    return self::convertFromDOMDocument($root_element, $doc);
}
Crafted user input could lead to an XXE vulnerability, as the external entity is not disabled here.
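One way to parse untrusted XML defensively before handing the document to a converter like the one quoted above. This is an added example, not Symphony's code and not a fix taken from the project; `loadUntrustedXml()` and the sample documents are hypothetical, and it assumes callers have no legitimate need for a DOCTYPE.

```php
<?php
// Added example; loadUntrustedXml() is a hypothetical helper, not Symphony code.
function loadUntrustedXml(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('Empty XML input');
    }
    // libxml2 older than 2.9.0 resolves external entities by default, so switch
    // the loader off there. The call is deprecated from PHP 8.0 on.
    $restore = PHP_VERSION_ID < 80000 ? libxml_disable_entity_loader(true) : null;
    $previousErrors = libxml_use_internal_errors(true);
    try {
        $doc = new DOMDocument('1.0', 'utf-8');
        // LIBXML_NONET forbids network fetches while parsing. LIBXML_NOENT and
        // LIBXML_DTDLOAD stay off: they enable entity substitution and DTD loading.
        if (!$doc->loadXML($xml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed XML');
        }
        // Entities can only be declared in a DOCTYPE, so refuse any document with one.
        if ($doc->doctype !== null) {
            throw new InvalidArgumentException('DOCTYPE is not allowed');
        }
        return $doc;
    } finally {
        // Restore global libxml state so other code in the request is unaffected.
        libxml_clear_errors();
        libxml_use_internal_errors($previousErrors);
        if ($restore !== null) {
            libxml_disable_entity_loader($restore);
        }
    }
}

// Constructed samples: a plain document and one that declares an external
// entity (the file path is a placeholder).
$samples = [
    'plain'   => '<data><item>ok</item></data>',
    'doctype' => '<!DOCTYPE data [<!ENTITY x SYSTEM "file:///placeholder/path">]>'
               . '<data>&x;</data>',
];
foreach ($samples as $name => $xml) {
    try {
        $doc = loadUntrustedXml($xml);
        echo $name, ': accepted, root <', $doc->documentElement->nodeName, ">\n";
    } catch (InvalidArgumentException $e) {
        echo $name, ': rejected (', $e->getMessage(), ")\n";
    }
}
```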
Hey, was this issue already fixed? If yes, in which version?