
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1114 advisory.

fsockopen() doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. (CVE-2025-1220)

Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer dereferences. (CVE-2025-1735)

If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service. (CVE-2025-6491)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.