Description

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Remediation

References

CVE-2007-4658

Related Vulnerabilities

TYPO3 CVE-2023-38499 Vulnerability (CVE-2023-38499)

OpenSSL Other Vulnerability (CVE-2015-0207)

WordPress Plugin MainWP Dashboard Cross-Site Scripting (3.1.2)

WordPress Plugin Contact Form Widget-Contact Query, Form Maker SQL Injection (1.0.9)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14594)

Severity

High

Classification

CVE-2007-4658

Tags

Missing Update Known Vulnerabilities