PT-2013-3409 · Php · Php

Vincent Danen

Published

2013-09-16

Updated

2024-06-15

CVE-2013-1824

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.22 PHP versions 5.4.x prior to 5.4.12

Description The issue allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap xmlParseFile and soap xmlParseMemory functions.

Recommendations For PHP versions prior to 5.3.22, update to version 5.3.22 or later. For PHP versions 5.4.x prior to 5.4.12, update to version 5.4.12 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2013-1824

DSA-2639-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

Affected Products

Php

PT-2013-3409 · Php · Php

CVE-2013-1824

Weakness Enumeration

Related Identifiers

Affected Products

References · 81