Description

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

References

CVE-2000-0967

Related Vulnerabilities

MySQL CVE-2019-2741 Vulnerability (CVE-2019-2741)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-38276)

WordPress Plugin Trust Form Cross-Site Scripting (2.0)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6451)

Internet Information Services Other Vulnerability (CVE-2003-0223)

Severity

Critical

Classification

CVE-2000-0967

Tags

Missing Update Known Vulnerabilities