Description

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Remediation

References

CVE-2007-4658

Related Vulnerabilities

WordPress Plugin WP e-Commerce Shop Styling Local File Inclusion (2.9.1)

WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)

WordPress Plugin Essential Addons for Elementor Cross-Site Scripting (5.0.8)

MongoDb Improper Input Validation Vulnerability (CVE-2018-20804)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

Severity

High

Classification

CVE-2007-4658

Tags

Missing Update Known Vulnerabilities