Description

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

References

CVE-2000-0967

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.4.2)

WordPress Plugin All in One Webmaster Cross-Site Request Forgery (8.2.3)

WordPress Plugin WP Accessibility Cross-Site Scripting (1.6.10)

Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)

Severity

Critical

Classification

CVE-2000-0967

Tags

Missing Update Known Vulnerabilities