Format String Vulnerability in zend_throw_or_error Function in PHP 7.x before 7.0.1

Format String Vulnerability in zend_throw_or_error Function in PHP 7.x before 7.0.1

CVE-2015-8617 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.