CVE Vulnerabilities

CVE-2007-4658

Published: Sep 04, 2007 | Modified: Oct 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Affected Software

Name Vendor Start Version End Version
Php Php 5.1.5 5.1.5
Php Php 5.1.2 5.1.2
Php Php 5.1.1 5.1.1
Php Php 5.2.14 5.2.14
Php Php 5.0.0 5.0.0
Php Php 5.1.6 5.1.6
Php Php 5.2.2 5.2.2
Php Php 5.0.5 5.0.5
Php Php 5.0.1 5.0.1
Php Php 5.1.4 5.1.4
Php Php 5.0.4 5.0.4
Php Php 5.2.12 5.2.12
Php Php 5.2.11 5.2.11
Php Php 5.0.0 5.0.0
Php Php 5.2.3 5.2.3
Php Php 5.0.3 5.0.3
Php Php 5.1.0 5.1.0
Php Php 5.2.13 5.2.13
Php Php 5.0.0 5.0.0
Php Php 5.2.0 5.2.0
Php Php 5.0.0 5.0.0
Php Php 5.1.3 5.1.3
Php Php 5.2.10 5.2.10
Php Php 5.0.0 5.0.0
Php Php 5.0.2 5.0.2
Php Php 5.2.1 5.2.1
Php Php 5.0.0 5.0.0
Php Php 5.0.0 5.0.0
Php Php 5.0.0 5.0.0

References