Description
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mingle Forum Multiple Cross-Site Scripting Vulnerabilities (1.0.33)
WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4)
WordPress Plugin Virtue/Pinnacle ToolKit Unspecified Vulnerability (2.5)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)