Description

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

References

CVE-2000-0967

Related Vulnerabilities

Oracle Database Server CVE-2011-0838 Vulnerability (CVE-2011-0838)

Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12626)

Lighttpd Other Vulnerability (CVE-2008-1531)

qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)

WordPress Plugin Social Share Buttons-Social Pug Multiple Unspecified Vulnerabilities (1.3.1)

Severity

Critical

Classification

CVE-2000-0967

Tags

Missing Update Known Vulnerabilities