CVE-2013-1643

Priority
Description
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote
attackers to read arbitrary files via a SOAP WSDL file containing an XML
external entity declaration in conjunction with an entity reference,
related to an XML External Entity (XXE) issue in the soap_xmlParseFile and
soap_xmlParseMemory functions. NOTE: this vulnerability exists because of
an incorrect fix for CVE-2013-1824.
Assigned-to
mdeslaur
More Information

Updated: 2019-01-14 22:08:19 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)