Description
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.
Remediation
References
Related Vulnerabilities
Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)
MySQL CVE-2019-2993 Vulnerability (CVE-2019-2993)
Oracle Database Server CVE-2011-2238 Vulnerability (CVE-2011-2238)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3848)
Drupal Credentials Management Errors Vulnerability (CVE-2009-2374)