Posted by Dawid Golunski on Oct 30
eBay Magento CE <= 1.9.2.1 XML eXternal Entity Injection (XXE) on PHP FPM
eBay Magento EE <= 1.14.2.1
Details at:
http://legalhackers.com/advisories/eBay-Magento-XXE-Injection-Vulnerability.txt
Regards,
Dawid Golunski