PHP Multiple Extensions Format String and Cross Site ....
This is a discussion about PHP Multiple Extensions Format String and Cross Site .... in the Warp2search Hang Out category; PHP Multiple Extensions Format String and Cross Site Scripting Issues Multiple vulnerabilities were identified in PHP, which could be exploited by attackers to execute arbitrary commands or scripting code.
This topic was started by Jackass, . Last reply by Jackass,
PHP Multiple Extensions Format String and Cross Site Scripting Issues
Multiple vulnerabilities were identified in PHP, which could be exploited by attackers to execute arbitrary commands or scripting code.
The first issue is due to a format string error in the error reporting feature of the "mysqli" extension that does not properly validate certain error messages generated by the SQL server, which could be exploited by local or remote attackers (under certain conditions) to execute arbitrary code with the privileges of the web server.
Review
Multiple vulnerabilities were identified in PHP, which could be exploited by attackers to execute arbitrary commands or scripting code.
The first issue is due to a format string error in the error reporting feature of the "mysqli" extension that does not properly validate certain error messages generated by the SQL server, which could be exploited by local or remote attackers (under certain conditions) to execute arbitrary code with the privileges of the web server.
Review
Participate in our website and join the conversation
This subject has been archived. New comments and votes cannot be submitted.
