2 matches found
CVE-2000-0967
CVE-2000-0967 affects PHP 3 and PHP 4 where user-supplied format strings are not properly sanitized in error log messages, enabling remote command execution via crafted error output. The vulnerability applies to PHP installations that log errors/warnings (format-string attacks via syslog/vsnprint...
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs...