code injection in phpxmlrpc/phpxmlrpc
High severity
GitHub Reviewed
Published
Nov 28, 2022
to the GitHub Advisory Database
•
Updated Oct 2, 2023
Description
Published to the GitHub Advisory Database
Nov 28, 2022
Reviewed
Nov 28, 2022
Last updated
Oct 2, 2023
code injection in
Wrapper::buildClientWrapperCode
via manipulation of the$client
argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.References