Description
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or allow validations to be bypassed.
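An added example, not code from PHP or from this advisory: a defensive check that reports the charset declared by the final response of a redirect chain and flags chains where an earlier hop declares a different one, which is the case where picking the wrong header changes how the document is decoded. The function names are hypothetical, and the input is assumed to have the shape of PHP's `$http_response_header` (one flat list with every hop's status line and headers).

```php
<?php
// Added example. Input shape assumed: PHP's $http_response_header, a flat
// list holding the status line and headers of every hop in the chain.
/** Split the flat header list into one array of header lines per response. */
function split_hops(array $headers): array
{
    $hops = [];
    foreach ($headers as $line) {
        if (preg_match('#^HTTP/\d#i', $line)) {
            $hops[] = [];                       // a status line starts a new response
        } elseif ($hops) {
            $hops[count($hops) - 1][] = $line;  // header belongs to the current hop
        }
    }
    return $hops;
}

/** Charset from the last Content-Type header of one response, or null. */
function hop_charset(array $hop): ?string
{
    $charset = null;
    foreach ($hop as $line) {
        if (preg_match('/^content-type\s*:(.*)$/i', $line, $m)) {
            $charset = preg_match('/;\s*charset\s*=\s*"?([^";\s]+)/i', $m[1], $c)
                ? strtolower($c[1]) : null;
        }
    }
    return $charset;
}

/** Charset of the final response, plus whether any earlier hop disagrees. */
function audit_charset(array $headers): array
{
    $charsets = array_map('hop_charset', split_hops($headers));
    $final = $charsets ? end($charsets) : null;
    $earlier = array_filter(array_slice($charsets, 0, -1), fn($c) => $c !== null);
    $conflict = (bool) array_filter($earlier, fn($c) => $c !== $final);
    return ['final' => $final, 'conflict' => $conflict];
}

// Constructed sample: a redirect declaring UTF-16, then the document in UTF-8.
$sample = [
    'HTTP/1.1 302 Found',
    'Content-Type: text/html; charset=utf-16',
    'Location: https://example.test/doc',
    'HTTP/1.1 200 OK',
    'Content-Type: text/html; charset=UTF-8',
];
var_dump(audit_charset($sample));
```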
Remediation
Upgrade to a fixed PHP release: 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later.
References