Description

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Remediation

References

CVE-2006-0200

Related Vulnerabilities

WordPress Plugin Shopping Cart Multiple SQL Injection and Arbitrary File Upload Vulnerabilities (8.1.14)

Drupal Core 9.0.x Multiple Security Bypass Vulnerabilities (9.0.0 - 9.0.14)

ownCloud Improper Authentication Vulnerability (CVE-2023-49105)

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-6307)

Severity

Critical

Classification

CVE-2006-0200 CWE-134

Tags

Missing Update Known Vulnerabilities