Command Injection

phpxmlrpc/phpxmlrpc is vulnerable to command injection. A remote attacker is able to inject malicious code via crafted values for the Address and Path inputs through the $client argument of buildClientWrapperCode function...

XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

GHSA-7VCX-V65Q-9WPG XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument

In order for this weakness to be exploited, the following conditions have to apply, at the same time: - method Wrapper::buildClientWrapperCode, or any methods which depend on it, such as Wrapper::wrapXmlrpcServer, Wrapper::wrapXmlrpcMethod or Wrapper::buildWrapMethodSource must be in use. Note th...

PT-2022-28181 · Packagist · Phpxmlrpc/Phpxmlrpc

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves code injection in the Wrapper::buildClientWrapperCode function through manipulation of the $client argument. This allows an attacker to force the client to access loc...