Description
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Remediation
References
Related Vulnerabilities
Liferay Portal Other Vulnerability (CVE-2023-33947)
WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1999044)
WordPress Plugin WP-Members Membership Cross-Site Scripting (3.1.4.2)