Description
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
Remediation
References
Related Vulnerabilities
MySQL CVE-2016-3440 Vulnerability (CVE-2016-3440)
WordPress Plugin SVG Support Cross-Site Scripting (2.5.1)
Oracle HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2022-25313)
Oracle HTTP Server Other Vulnerability (CVE-2006-5346)
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)