Description
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
Remediation
References
Related Vulnerabilities
WordPress Plugin Under Construction Unspecified Vulnerability (3.85)
TYPO3 Improper Input Validation Vulnerability (CVE-2014-3941)
WordPress Plugin LearnDash LMS Arbitrary File Upload (2.5.3)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-0664)
WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4)