Description
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
Remediation
References