A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality