Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2013-6501 - Vulnerability Database
PHP

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2013-6501

Medium
Reference: CVE-2013-6501
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2013-6501
Title: PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.