ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function. (CVE-2013-4113)
Impact
Authenticated users accessing the Configuration utility may be able to cause a denial-of-service (DoS) by sending crafted XML requests.