Vulnerability Database

296,733

Total vulnerabilities in the database

code injection in phpxmlrpc/phpxmlrpc

code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.

Published: Nov 28, 2022
Updated: Apr 14, 2023
GHSA: GHSA-3fgr-xjr6-xqm8
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-95

Affected Software
References

Software	From	Fixed in
phpxmlrpc / phpxmlrpc	-	4.9.0

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpxmlrpc/phpxmlrpc/2022-11-28-2.yaml
https://github.com/gggeek/phpxmlrpc/issues/80
https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo