CVE-2016-6175

Published: 07/02/2017 Updated: 03/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.

Vulnerable Product

php-gettext project php-gettext

Vendor Advisories

Debian Bug report logs - #851771 php-gettext: CVE-2016-6175
Package: src:php-gettext; Maintainer for src:php-gettext is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 18 Jan 2017 16:24:12 UTC
Severity: grave
Tags: buster-ignore, jes ...

Exploits

[CVE-2016-6175] gettext.php <= 1.0.12 unauthenticated code execution with POTENTIAL privileges escalation
# Date: June 25th, 2016
# Author: kmkz (Bourbon Jean-marie) <mail.bourbon@gmail.com> | @kmkz_security
# Project Homepage: launchpad.net/php-gettext/
# Download: launchpad.net/php-gettext/trunk/1.0.12/+download/php-gett ...

PHP gettext.php versions 1.0.12 and below suffer from an unauthenticated code execution vulnerability ...

Github Repositories

Translation API for PHP using Gettext MO files

motranslator

Features
- All strings are stored in memory for fast lookup
- Fast loading of MO files
- Low level API for reading MO files
- Emulation of Gettext API
- No use of eval() for plural equation

Limitations
- Default InMemoryCache not suitable for huge MO files which you don't want to store in memory
- Input and output encod