Description

This alert was generated using only banner information. It may be a false positive.


PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Remediation

Upgrade to the latest version of PHP.

References

PHP Error Logging Format String Vulnerability (BID 1786)

Related Vulnerabilities

WordPress Plugin bbPress Move Topics PHP Object Injection (1.1.4)

WordPress Plugin WikiPop Cross-Site Scripting (2.0)

Drupal Core 8.x.x Security Bypass (8.0.0 - 8.7.14)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.6.4)

WordPress Plugin Keep Backup Daily Cross-Site Scripting (2.0.2)

Severity

High

Classification

CVE-2000-0967 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Missing Update