Lucene search

MitreCVE-2007-4658

HistorySep 04, 2007 - 10:17 p.m.

CVE-2007-4658

2007-09-0422:17:00

mitre

web.nvd.nist.gov

cve

2007

4658

php

money_format

vulnerability

format string

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.049

Percentile

92.9%

JSON

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

Affected configurations

Nvd

Node

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.5

phpphpMatch5.1.6

phpphpMatch5.2.0

phpphpMatch5.2.1

phpphpMatch5.2.2

phpphpMatch5.2.3

phpphpMatch5.2.10

phpphpMatch5.2.11

phpphpMatch5.2.12

phpphpMatch5.2.13

phpphpMatch5.2.14

Node

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

phpphpMatch4.4.3

phpphpMatch4.4.4

phpphpMatch4.4.5

phpphpMatch4.4.6

phpphpMatch4.4.7

VendorProductVersionCPE
phpphp5.0.4cpe:/a:php:php:5.0.4:::
phpphp5.0.0cpe:/a:php:php:5.0.0:beta4::
phpphp5.2.14cpe:/a:php:php:5.2.14:::
phpphp5.0.0cpe:/a:php:php:5.0.0:beta1::
phpphp5.0.0cpe:/a:php:php:5.0.0:beta3::
phpphp5.2.13cpe:/a:php:php:5.2.13:::
phpphp5.0.1cpe:/a:php:php:5.0.1:::
phpphp5.0.0cpe:/a:php:php:5.0.0:::
phpphp5.1.6cpe:/a:php:php:5.1.6:::
phpphp5.0.2cpe:/a:php:php:5.0.2:::

Vendor	Product	Version	CPE
php	php	5.0.4	cpe:/a:php:php:5.0.4:::
php	php	5.0.0	cpe:/a:php:php:5.0.0:beta4::
php	php	5.2.14	cpe:/a:php:php:5.2.14:::
php	php	5.0.0	cpe:/a:php:php:5.0.0:beta1::
php	php	5.0.0	cpe:/a:php:php:5.0.0:beta3::
php	php	5.2.13	cpe:/a:php:php:5.2.13:::
php	php	5.0.1	cpe:/a:php:php:5.0.1:::
php	php	5.0.0	cpe:/a:php:php:5.0.0:::
php	php	5.1.6	cpe:/a:php:php:5.1.6:::
php	php	5.0.2	cpe:/a:php:php:5.0.2:::