VulnerableCode Vulnerability Details - VCID-mnqn-qqgp-jbhf

Search for vulnerabilities

Vulnerability details: VCID-mnqn-qqgp-jbhf

Essentials
Severities (11)
References (12)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-mnqn-qqgp-jbhf
Aliases	CVE-2013-4701 GHSA-5qp6-78pr-gv8c
Summary	PHP OpenID Library Denial of Service vulnerability Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-400	Uncontrolled Resource Consumption
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	HIGH	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080
generic_textual	HIGH	http://jvn.jp/en/jp/JVN24713981/index.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
generic_textual	HIGH	http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
epss	0.00881	https://api.first.org/data/v1/epss?cve=CVE-2013-4701
generic_textual	HIGH	https://github.com/FriendsOfPHP/security-advisories/blob/master/openid/php-openid/CVE-2013-4701.yaml
generic_textual	HIGH	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-4701.yaml
generic_textual	HIGH	https://github.com/openid/php-openid
generic_textual	HIGH	https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2013-4701
generic_textual	HIGH	https://typo3.org/security/advisory/typo3-core-sa-2014-002

Reference id	Reference type	URL
		http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080
		http://jvn.jp/en/jp/JVN24713981/index.html
		http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
		http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
		https://api.first.org/data/v1/epss?cve=CVE-2013-4701
		https://github.com/FriendsOfPHP/security-advisories/blob/master/openid/php-openid/CVE-2013-4701.yaml
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-4701.yaml
		https://github.com/openid/php-openid
		https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
		https://nvd.nist.gov/vuln/detail/CVE-2013-4701
		https://typo3.org/security/advisory/typo3-core-sa-2014-002
GHSA-5qp6-78pr-gv8c		https://github.com/advisories/GHSA-5qp6-78pr-gv8c

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.74345
EPSS Score	0.00881
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:38.093250+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5qp6-78pr-gv8c/GHSA-5qp6-78pr-gv8c.json	36.1.3