phpxmlrpc vulnerable to argument injection · GHSA-q7qq-9gx2-ggxv · GitHub Advisory Database · GitHub

phpxmlrpc vulnerable to argument injection

Moderate severity GitHub Reviewed Published Dec 2, 2022 to the GitHub Advisory Database • Updated Jan 12, 2023

Package

phpxmlrpc/phpxmlrpc (Composer)

Affected versions

< 4.9.0

Patched versions

4.9.0

Description

phpxmlrpc vulnerable to argument injection via local file access in Client:send via manipulation of $protocol argument.

References

Published to the GitHub Advisory Database Dec 2, 2022

Reviewed Dec 2, 2022

Last updated Jan 12, 2023