CVE-2013-6501 — Injection in PHP

CWE-74 — Injection CWE-377 — Insecure Temporary File6 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 83.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PHP Suse Linux Enterprise Server

Timeline

PublishedMar 30

Latest updateMay 17

Description

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDphp/php5.6.7

▶NVDsuse/linux_enterprise_server11.0

🔴Vulnerability Details

GHSA

GHSA-x247-pp49-3c7r: The default soap↗2022-05-17

▶

CVEList

CVE-2013-6501: The default soap↗2015-03-30

▶

OSV

CVE-2013-6501: The default soap↗2015-03-30

▶

📋Vendor Advisories

Red Hat

php: predictable file name used for cache in world writeable directory↗2015-02-08

▶

💬Community

Bugzilla

CVE-2013-6501 php: predictable file name used for cache in world writeable directory↗2013-09-17

▶