Vulnerability Details CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.113
EPSS Ranking 93.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/18431
- http://securityreason.com/securityalert/337
- http://securitytracker.com/id?1015485
- http://www.hardened-php.net/advisory_022006.113.html
- http://www.php.net/release_5_1_2.php
- http://www.securityfocus.com/archive/1/421705/100/0/threaded
- http://www.securityfocus.com/bid/16219
- http://www.vupen.com/english/advisories/2006/0177
- http://www.vupen.com/english/advisories/2006/0369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24095
- http://secunia.com/advisories/18431
- http://securityreason.com/securityalert/337
- http://securitytracker.com/id?1015485
- http://www.hardened-php.net/advisory_022006.113.html
- http://www.php.net/release_5_1_2.php
- http://www.securityfocus.com/archive/1/421705/100/0/threaded
- http://www.securityfocus.com/bid/16219
- http://www.vupen.com/english/advisories/2006/0177
- http://www.vupen.com/english/advisories/2006/0369
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24095