phpxmlrpc vulnerable to argument injection via local file access in Client:send via manipulation of $protocol argument.
Client:send
$protocol