WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2013-6501)

Description

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.

Remediation

References

Related Vulnerabilities

WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)

Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)

WordPress Plugin Smart Manager for WooCommerce & WPeC SQL Injection (3.9.6)

Oracle Application Server Other Vulnerability (CVE-2002-0561)

Nexus Repository Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-34553)

Severity

Medium

Classification

CVE-2013-6501 CWE-138

Tags

Missing Update Known Vulnerabilities