Description

This alert was generated using only banner information. It may be a false positive.


PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

Upgrade to the latest version of PHP.

References

Format string attack | OWASP Foundation

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5342)

MySQL CVE-2014-6568 Vulnerability (CVE-2014-6568)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4998)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

WordPress Plugin Membership 2 Unspecified Vulnerability (4.0.0.2)

Severity

High

Classification

CVE-2000-0967 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update