Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0200

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0200
Last Modified 07 Mar 2011 09:29:33
Published 13 Jan 2006 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0200

Summary

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Vulnerable Systems

Application

  • Php 5.1

  • Php 5.1.1


References

XF - php-extmysqli-format-string(24095)

BID - 16219

CONFIRM - http://www.php.net/release_5_1_2.php

SECUNIA - 18431

VUPEN - ADV-2006-0369

VUPEN - ADV-2006-0177

BUGTRAQ - 20060112 Advisory 02/2006: PHP ext/mysqli Format String Vulnerability

MISC - http://www.hardened-php.net/advisory_022006.113.html

SECTRACK - 1015485

SREASON - 337


Last Updated: 27 May 2016 10:41:34