XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote malicious users to read system files via custom DTDs.
obdasystems mastro 1.0