The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c.
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions up to 5.6.7 (inclusive)
|91704||GLSA-201606-10 : PHP: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|8789||PHP 5.4.x < 5.4.40 / 5.5.x < 5.5.24 / 5.6.x < 5.6.8 'php_sdl.c' WSDL Injection||Nessus Network Monitor||Web Servers|
|81665||SuSE 11.3 Security Update : PHP 5.3 (SAT Patch Number 10370)||Nessus||SuSE Local Security Checks|