Unrated severityNVD Advisory· Published Sep 16, 2013· Updated Jun 16, 2026
CVE-2013-1824
CVE-2013-1824
Description
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed
< 5.6.28-1.1+ 1 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
Patches
Vulnerability mechanics
References
6- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1824.htmlnvdThird Party Advisory
- support.apple.com/kb/HT5880nvdThird Party Advisory
- lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlnvdBroken LinkMailing List
- git.php.netnvd
- git.php.netnvd
News mentions
0No linked articles in our index yet.