CVE-2000-0967 | Vulnerability Database | Aqua Security

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	3.0 (including)	3.0 (including)
Php	Php	4.0 (including)	4.0 (including)

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
http://www.atstake.com/research/advisories/2000/a101200-1.txt
http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
http://www.redhat.com/support/errata/RHSA-2000-088.html
http://www.redhat.com/support/errata/RHSA-2000-095.html
http://www.securityfocus.com/bid/1786
https://exchange.xforce.ibmcloud.com/vulnerabilities/5359
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
http://www.atstake.com/research/advisories/2000/a101200-1.txt
http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
http://www.redhat.com/support/errata/RHSA-2000-088.html
http://www.redhat.com/support/errata/RHSA-2000-095.html
http://www.securityfocus.com/bid/1786
https://exchange.xforce.ibmcloud.com/vulnerabilities/5359

NVD	https://nvd.nist.gov/vuln/detail/CVE-2000-0967
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html