The host is installed with PHP and is prone to format string vulnerability. A flaw in present in phar_object.c, which improperly calls zend_throw_exception_ex() function when format string specifiers are passed in an argument to a class method. Successful exploitation could allow remote attackers to execute arbitrary code, obtain sensitive information or cause a denial of service.