PT-2006-1277 · Php+1 · Php+2
Stefan Esser
·
Published
2006-01-13
·
Updated
2018-10-30
·
CVE-2006-0200
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHP versions 5.1.0 through 5.1.1
Description
A format string issue in the error-reporting feature of the mysqli extension might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
Recommendations
For PHP versions 5.1.0 through 5.1.1, update to a version that contains a fix for this issue to prevent potential code execution.
Fix
RCE
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server
Php
Mysqli