Description

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get call.

Remediation

References

CVE-2016-4071

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2600)

WordPress Plugin Simple Job Board Cross-Site Scripting (2.9.4)

PostgreSQL Cryptographic Issues Vulnerability (CVE-2012-2143)

WordPress Plugin Evarisk 'ajax.php' SQL Injection (5.1.3.6)

Oracle Database Server CVE-2010-2415 Vulnerability (CVE-2010-2415)

Severity

Critical

Classification

CVE-2016-4071 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities