PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote malicious users to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 3.0 |
||
php php 4.0 |