Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/mudongliang/LinuxFlaw
- https://github.com/oneoy/cve-
- https://github.com/seokjeon/SARD-vs-CVE
- https://github.com/tagua-vm/tagua-vm