Unrated severityNVD Advisory· Published Mar 30, 2015· Updated May 6, 2026

CVE-2013-6501

Description

The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <=5.6.7
SUSE S.A./Linux Enterprise Server2 versions
cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11.0:sp3:*:*:vmware:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2015-03/msg00003.htmlnvd
www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvd
www.securityfocus.com/bid/72530nvd
bugzilla.redhat.com/show_bug.cginvd
security.gentoo.org/glsa/201606-10nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000