Description

This alert was generated using only banner information. It may be a false positive.


PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

Upgrade to the latest version of PHP.

References

Format string attack | OWASP Foundation

Related Vulnerabilities

MySQL CVE-2016-0661 Vulnerability (CVE-2016-0661)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6104)

Jenkins Improper Input Validation Vulnerability (CVE-2016-0792)

WordPress Plugin FireStorm Shopping Cart eCommerce SQL Injection (2.07.02)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-5545)

Severity

High

Classification

CVE-2000-0967 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update