PHP 'soap.wsdl_cache_dir' Validation Arbitrary File Write Vulnerability

PHP is prone to an arbitrary file-write vulnerability because the application fails to sanitize user-supplied input.

An attacker can exploit this issue to write wsdl files within the context of the affected application. Other attacks are also possible.

Note: The issue (described by CVE-2013-1643) has been moved to BID 58766 (PHP 'ext/soap/php_xml.c' Multiple Arbitrary File Disclosure Vulnerabilities) to better document it.

Versions prior to PHP 5.3.22 and 5.4.12 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus