[phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc

code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server’s url.

References

• https://github.com/gggeek/phpxmlrpc/issues/80
• https://github.com/FriendsOfPHP/security-advisories/blob/master/phpxmlrpc/phpxmlrpc/2022-11-28-2.yaml
• https://github.com/gggeek/phpxmlrpc/releases/tag/4.9.0
• https://github.com/advisories/GHSA-3fgr-xjr6-xqm8