PT-2023-32992 · Phpxmlrpc · Phpxmlrpc

Published 2023-01-11 · Updated 2023-01-11

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

phpxmlrpc (affected versions not specified)

Description

The issue can be exploited when specific methods such as Wrapper::buildClientWrapperCode, Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod, or Wrapper::buildWrapMethodSource are used with a $client argument built with malicious data. This is an uncommon usage scenario, and the chances of exploitation may be low. The graphical debugger shipped with the library is also vulnerable when used with the "Generate stub for method call" option, but it only displays the malicious code without executing it. The attack scenario involves a developer copying a PHP snippet generated by the debugger into their own source code, using "Address" and "Path" input values supplied by a third party. The malicious payload should be easily recognizable as suspicious.
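
The weakness class described above (connection values written into generated PHP source), as an added example that is not phpxmlrpc's code or its fix: a hypothetical stub generator in its unsafe form beside one that emits each value through var_export(), plus a token summary a reviewer can use on a generated snippet. The function names, the Client text in the emitted snippet and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example. buildStubUnsafe/buildStubSafe are hypothetical generators,
// not phpxmlrpc code; "Client" is only text inside the emitted snippet.

// Unsafe: the values are pasted between quotes, so a quote in the input
// closes the literal and whatever follows is emitted as PHP code.
function buildStubUnsafe(string $path, string $host): string
{
    return "\$client = new Client('$path', '$host');";
}

// Safer: var_export() renders each value as one correctly escaped PHP
// string literal, so the value cannot leave the literal.
function buildStubSafe(string $path, string $host): string
{
    return sprintf('$client = new Client(%s, %s);',
        var_export($path, true), var_export($host, true));
}

// Review aid: count the token types in a generated snippet. A clean stub
// holds exactly two string literals and no keyword besides "new".
function summarize(string $code): array
{
    $names = [];
    foreach (token_get_all('<?php ' . $code) as $tok) {
        if (is_array($tok) && !in_array($tok[0], [T_OPEN_TAG, T_WHITESPACE], true)) {
            $names[] = token_name($tok[0]);
        }
    }
    return array_count_values($names);
}

// Constructed third-party "Path" value containing a quote breakout;
// the echo is a harmless marker standing in for injected code.
$path = "/rpc'); echo 'INJECTED'; //";
$host = 'rpc.example.test';

$stubs = [
    'unsafe' => buildStubUnsafe($path, $host),
    'safe'   => buildStubSafe($path, $host),
];
foreach ($stubs as $label => $code) {
    echo "[$label] $code\n";
    print_r(summarize($code));
}
```

In the unsafe output the summary shows an extra T_ECHO and a T_COMMENT, the kind of unexpected token to look for before pasting a generated stub into source code.
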
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

GHSA-7VCX-V65Q-9WPG

Affected Products

Phpxmlrpc