Description

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Remediation

References

CVE-2006-0200

Related Vulnerabilities

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-28032)

WordPress Plugin oQey Gallery 'gal_id' Parameter SQL Injection (0.4.8)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42458)

WordPress Plugin SendinBlue Subscribe Form And WP SMTP Multiple Unspecified Vulnerabilities (2.7.3)

Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)

Severity

Critical

Classification

CVE-2006-0200 CWE-134

Tags

Missing Update Known Vulnerabilities