ID:3894 - Exploit for Format string error in PHP - CVE-2015-8617

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3894 - Exploit for Format string error in PHP - CVE-2015-8617

ID:3894 - Exploit for Format string error in PHP - CVE-2015-8617

Published: August 9, 2020


Vulnerability identifier: #VU40513
Vulnerability risk: High
CVE-ID: CVE-2015-8617
CWE-ID: CWE-134
Exploitation vector: Remote access
Vulnerable software:
PHP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.


Remediation

Install update from vendor's website.