Description
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML document, a related issue to CVE-2015-5161.
Remediation
References