Description
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1591)
WordPress Plugin wSecure Lite Remote Code Execution (2.3)
Drupal Core 8.5.x Cross-Site Scripting (8.5.0 - 8.5.13)
Oracle HTTP Server CVE-2019-2414 Vulnerability (CVE-2019-2414)
WordPress Plugin BulletProof Security Multiple Cross-Site Scripting Vulnerabilities (.48.9)