CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
89.0%
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8,
permits multiple (1) %i and (2) %n tokens, which has unknown impact and
attack vectors, possibly related to a format string vulnerability.
Author | Note |
---|---|
kees | from Line 7667, http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641 202-money-format-abuse.patch |