Description
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0004)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0218)
WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)
WebLogic Improper Input Validation Vulnerability (CVE-2017-15707)