CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.
codeigniter-restserver project codeigniter-restserver 2.7.1