Description

This alert was generated using only banner information. It may be a false positive.


PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

Upgrade to the latest version of PHP.

References

Format string attack | OWASP Foundation

Related Vulnerabilities

Oracle Application Server CVE-2007-5526 Vulnerability (CVE-2007-5526)

WordPress Plugin AI ChatBot Directory Traversal (4.9.2)

Joomla CVE-2012-2748 Vulnerability (CVE-2012-2748)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Multiple Vulnerabilities (7.0.0)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.36)

Severity

High

Classification

CVE-2000-0967 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update