Description

This alert was generated using only banner information. It may be a false positive.


PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

Upgrade to the latest version of PHP.

References

PHP Error Logging Format String Vulnerability (BID 1786)

Related Vulnerabilities

Joomla Improper Access Control Vulnerability (CVE-2015-7899)

WordPress Plugin Google Maps Ready! Cross-Site Request Forgery (1.1.5)

PHP Numeric Errors Vulnerability (CVE-2011-0755)

qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19515)

OpenSSL Other Vulnerability (CVE-2007-3108)

Severity

High

Classification

CVE-2000-0967 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update