PHP Vulnerability: CVE-2007-4658
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | September 04, 2007 | October 01, 2012 | February 13, 2015 |
Description
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
php-upgrade-4_4_8Related Vulnerabilities
- CESA-2007:0890: php security update
- CESA-2007:0889: php security update
- Gentoo Linux: CVE-2007-4658: PHP: Multiple vulnerabilities
- PHP Multiple Vulnerabilities Fixed in version 5.2.4
- SUSE Linux Security Advisory: SUSE-SA:2008:004
- ELSA-2007-0890 Moderate: Enterprise Linux php security update
- RHSA-2007:0889: php security update
- RHSA-2007:0917: php security update
- FreeBSD: php -- multiple vulnerabilities (Multiple CVEs)
- SUSE Linux Security Vulnerability: CVE-2007-4658
- ELSA-2007-0889 Moderate: Enterprise Linux php security update
- RHSA-2007:0890: php security update
- SUSE-SA:2008:004: php4, php5
- RHSA-2007:0891: php security update
- USN-549-1: PHP vulnerabilities