CVE-2013-1643 (retired)

Priority
Description
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote
attackers to read arbitrary files via a SOAP WSDL file containing an XML
external entity declaration in conjunction with an entity reference,
related to an XML External Entity (XXE) issue in the soap_xmlParseFile and
soap_xmlParseMemory functions. NOTE: this vulnerability exists because of
an incorrect fix for CVE-2013-1824.
Assigned-to
mdeslaur
More Information

Updated: 2019-03-26 12:07:11 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)