code injection in phpxmlrpc/phpxmlrpc

code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.

Published: Nov 28, 2022
Updated: Apr 14, 2023
GHSA: GHSA-3fgr-xjr6-xqm8
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-95

Affected Software
References

Software	From	Fixed in
phpxmlrpc / phpxmlrpc	-	4.9.0

https://github.com/FriendsOfPHP/security-advisories/blob/master/phpxmlrpc/phpxmlrpc/2022-11-28-2.yaml
https://github.com/gggeek/phpxmlrpc/issues/80
https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.0

Vulnerability Database

code injection in phpxmlrpc/phpxmlrpc