GHSA-M95X-M25C-W9MP XML-RPC for PHP allows access to local files via malicious argument to the Client::send method

Abusing the $method argument of Client::send, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakness only affects installations where all the following conditions appl...

PT-2022-28181 · Packagist · Phpxmlrpc/Phpxmlrpc

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves code injection in the Wrapper::buildClientWrapperCode function through manipulation of the $client argument. This allows an attacker to force the client to access loc...