Description
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
Remediation
References
Related Vulnerabilities
WordPress Plugin InPost Gallery Multiple Vulnerabilities (2.1.2)
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5471)
WordPress Plugin Edwiser Bridge-WordPress Moodle LMS Integration Unspecified Vulnerability (2.0.7)