CVE-2015-8617

Name of the Vulnerable Software and Affected Versions PHP versions prior to 7.0.1

Description The issue is related to a format string vulnerability in the zend throw or error function. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Recommendations For PHP versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent misuse of format string specifiers until a patch is applied.