PHP : Security Vulnerabilities, CVEs, Published In 2000 CVSS score >= 8
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Max CVSS
10.0
EPSS Score
34.05%
Published
2000-12-19
Updated
2018-05-03
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
Max CVSS
10.0
EPSS Score
6.40%
Published
2000-01-04
Updated
2008-09-10
2 vulnerabilities found