BIT-LIBPHP-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

PT-2021-6877 · Php +9 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.32 PHP versions 7.4.x through 7.4.25 PHP versions 8.0.x through 8.0.12 Description: The issue is related to certain XML parsing functions in PHP, such as simplexml load file, which URL-decode the filename passed...