Description
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Remediation
References
Related Vulnerabilities
WordPress Plugin About Author Cross-Site Scripting (1.3.9)
WordPress Plugin Contact Form DB-Elementor Cross-Site Scripting (1.7)
WordPress Plugin User Registration, Login & Landing Pages-LeadMagic Cross-Site Scripting (1.2.7)
WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.27)
Oracle Database Server CVE-2011-0848 Vulnerability (CVE-2011-0848)