icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP 5.1.x < 5.1.2 mysqli Error Message Format String

High

Synopsis

The remote host is vulnerable to a remote 'format string' flaw.

Description

The remote host is running a version of PHP that is older than 5.1.2. Versions 5.1.0 and 5.1.1 are potentially vulnerable to a remote format string vulnerabilty. Specifically, if PHP is configured to log MySQL errors, then an attacker may be able to trigger a condition wherein arbitrary commands or code are executed.

Solution

Upgrade to version 5.1.2 or higher.