Description
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Exploits (2)
References (9)
Scores
EPSS
0.2691
EPSS Percentile
96.4%
Details
Status
published
Products (2)
php/php
3.0
php/php
4.0
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026