CVE-2023-3823
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-3823 affects PHP 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8. PHP's XML functions rely on libxml's process-global state to track configuration such as whether external entities are loaded, and they assume that state is unchanged unless the application changes it explicitly. Because the state is shared by the whole process, another module that uses libxml in the same process, ImageMagick for example, can alter it for its own purposes and leave external entity loading enabled. Untrusted XML is then parsed with external entities resolved, which can disclose any local file that PHP can read. The vulnerable state can persist across many requests served by the same process until that process is shut down. The issue is fixed in PHP 8.0.30, 8.1.22 and 8.2.8.
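The following PHP script is an added example; it is not code from this advisory or from the PHP project. It does two things a practitioner will want on an affected build: externalEntityLoadingIsActive() probes whether the current process resolves an external entity that the caller never asked to resolve (the leaked-global-state condition described above), using a canary file written to the temp directory rather than a fixed system path; parseUntrustedXml() parses input without depending on libxml's global state at all, by refusing any document that carries a DOCTYPE (the only place entities can be declared) and parsing with LIBXML_NONET and without LIBXML_NOENT. Both function names, the canary file and the sample documents are constructed for this example. None of this replaces upgrading to 8.0.30 / 8.1.22 / 8.2.8; it is a check and a defence you can keep regardless of version.

```php
<?php
declare(strict_types=1);

// Added example (not from the advisory or from PHP itself).
// Probe: does this process resolve an external entity we did not ask for?
function externalEntityLoadingIsActive(): bool
{
    // Constructed canary file, so the probe is self-contained and does not
    // depend on a particular system file existing or being readable.
    $canary = tempnam(sys_get_temp_dir(), 'xxe-probe-');
    $secret = 'CANARY-' . bin2hex(random_bytes(8));
    file_put_contents($canary, $secret);
    $uri = 'file://' . str_replace('\\', '/', $canary);

    $xml = "<?xml version=\"1.0\"?>\n"
         . "<!DOCTYPE probe [ <!ENTITY ext SYSTEM \"{$uri}\"> ]>\n"
         . "<probe>&ext;</probe>";

    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // Deliberately no LIBXML_NOENT: this is how an application that never
    // asked for entity substitution parses input. Only state leaked by another
    // module in this process can make the canary contents appear.
    $loaded = $dom->loadXML($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    unlink($canary);

    if (!$loaded || $dom->documentElement === null) {
        return false;
    }
    return str_contains($dom->documentElement->textContent, $secret);
}

// Hardened parse for untrusted input. Entities can only be declared in a DTD,
// so a document without a DOCTYPE cannot reference one; rejecting DOCTYPE up
// front keeps the parse safe whether or not the libxml defaults were flipped.
function parseUntrustedXml(string $xml): DOMDocument
{
    // XML requires the literal keyword "<!DOCTYPE"; a case-insensitive scan is
    // deliberately conservative (a DOCTYPE inside a comment is also rejected,
    // which is acceptable for untrusted input).
    if (stripos($xml, '<!DOCTYPE') !== false) {
        throw new InvalidArgumentException('DOCTYPE declarations are not accepted');
    }

    $previous = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // No LIBXML_NOENT, no LIBXML_DTDLOAD, no LIBXML_DTDVALID; NONET blocks
        // any network fetch libxml might otherwise attempt.
        if (!$dom->loadXML($xml, LIBXML_NONET)) {
            $err = libxml_get_last_error();
            $msg = $err ? trim($err->message) : 'unknown error';
            throw new InvalidArgumentException('Malformed XML: ' . $msg);
        }
        // Belt and braces: confirm the parser itself saw no DOCTYPE.
        if ($dom->doctype !== null) {
            throw new InvalidArgumentException('Unexpected DOCTYPE in document');
        }
        return $dom;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

// Constructed samples: a harmless document and a classic XXE payload.
$benign  = '<?xml version="1.0"?><order><id>42</id></order>';
$hostile = '<?xml version="1.0"?>'
         . '<!DOCTYPE x [<!ENTITY f SYSTEM "file:///etc/hostname">]>'
         . '<order><id>&f;</id></order>';

printf("process resolves external entities by default: %s\n",
    externalEntityLoadingIsActive() ? 'YES (vulnerable state)' : 'no');

echo parseUntrustedXml($benign)->getElementsByTagName('id')->item(0)->textContent, "\n";

try {
    parseUntrustedXml($hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Run the probe from the same SAPI and after the same extension activity (for example an Imagick operation) that your application performs, since the leaked state is per process and only appears once another libxml user in that process has changed the defaults; a fresh CLI run with no other extension loaded will normally report "no" even on an affected version.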
Affected Products
- PHP: Hypertext Preprocessor
- Debian
- Fedora Operating System
Affected Vendors
- Php
- Debian
- Fedora Project