Jackass
PHP Multiple Extensions Format String and Cross Site Scripting Issues
Multiple vulnerabilities were identified in PHP, which could be exploited by attackers to execute arbitrary commands or scripting code.
The first issue is due to a format string error in the error reporting feature of the "mysqli" extension that does not properly validate certain error messages generated by the SQL server, which could be exploited by local or remote attackers (under certain conditions) to execute arbitrary code with the privileges of the web server.
Review
Multiple vulnerabilities were identified in PHP, which could be exploited by attackers to execute arbitrary commands or scripting code.
The first issue is due to a format string error in the error reporting feature of the "mysqli" extension that does not properly validate certain error messages generated by the SQL server, which could be exploited by local or remote attackers (under certain conditions) to execute arbitrary code with the privileges of the web server.
Review
Participate on our website and join the conversation
You have already an account on our website? Use the link below to login.
Login
Create a new user account. Registration is free and takes only a few seconds.
Register
This topic is archived. New comments cannot be posted and votes cannot be cast.