Description
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
Remediation
References
Related Vulnerabilities
Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
WordPress Plugin Show-Hide/Collapse-Expand Cross-Site Scripting (1.2.5)
WordPress Improper Input Validation Vulnerability (CVE-2020-35539)
WordPress Plugin WP Content Filter Unspecified Vulnerability (2.42)
WordPress Plugin Power Charts-Responsive Beautiful Charts & Graphs Cross-Site Scripting (0.1.0)