6.2 Medium
AI Score
Confidence
Low
PHP does not validate the configuration directive soap.wsdl_cache_dir before writing SOAP wsdl cache files to the filesystem. Impact An attacker is able to write remote wsdl files to arbitrary locations on an affected system.