5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
69.2%
PHP versions 5.3.x earlier than 5.3.23 are affected by an information disclosure vulnerability.
The fix for CVE-2013-1643 was incomplete and an error still exists in the files ‘ext/soap/php_xml.c’ and ‘ext/libxml/libxml.c’ related to handling external entities. This error could cause PHP to parse remote XML documents defined by an attacker and could allow access to arbitrary filesthe buffer overflow error that exists in the function ‘_pdo_pgsql_error’ in the file ‘ext/pdo_pgsql/pgsql_driver.c’
Binary data 801404.prm