Skip to content

phpxmlrpc vulnerable to argument injection

Moderate severity GitHub Reviewed Published Dec 2, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

composer phpxmlrpc/phpxmlrpc (Composer)

Affected versions

< 4.9.0

Patched versions

4.9.0

Description

phpxmlrpc vulnerable to argument injection via local file access in Client:send via manipulation of $protocol argument.

References

Published to the GitHub Advisory Database Dec 2, 2022
Reviewed Dec 2, 2022
Last updated Jan 12, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-q7qq-9gx2-ggxv

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.