code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server’s url.
もっと詳しく