[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98250

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-0200

Date: (C)2006-01-13   (M)2017-07-21 


Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

CVSS Score: 9.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1015485
BID-16219
SECUNIA-18431
http://www.securityfocus.com/archive/1/archive/1/421705/100/0/threaded
SREASON-337
ADV-2006-0177
ADV-2006-0369
http://www.hardened-php.net/advisory_022006.113.html
http://www.php.net/release_5_1_2.php
php-extmysqli-format-string(24095)

CPE    2
cpe:/a:php:php:5.1
cpe:/a:php:php:5.1.1
CWE    1
CWE-134

© 2013 SecPod Technologies