Remote Code Execution via User-Injected Format Strings in PHP 3 and 4

Remote Code Execution via User-Injected Format Strings in PHP 3 and 4

CVE-2000-0967 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Learn more about our User Device Pen Test.