Vulnerability Description
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.0.0 |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00006.html
- http://rhn.redhat.com/errata/RHSA-2007-0889.html
- http://secunia.com/advisories/26642PatchVendor Advisory
- http://secunia.com/advisories/26822Vendor Advisory
- http://secunia.com/advisories/26838Vendor Advisory
- http://secunia.com/advisories/26871Vendor Advisory
- http://secunia.com/advisories/26895Vendor Advisory
- http://secunia.com/advisories/26930Vendor Advisory
- http://secunia.com/advisories/26967Vendor Advisory
- http://secunia.com/advisories/27102Vendor Advisory
- http://secunia.com/advisories/27377Vendor Advisory
- http://secunia.com/advisories/27545Vendor Advisory
- http://secunia.com/advisories/27864Vendor Advisory
- http://secunia.com/advisories/28249Vendor Advisory
- http://secunia.com/advisories/28658Vendor Advisory
FAQ
What is CVE-2007-4658?
CVE-2007-4658 is a vulnerability with a CVSS score of 7.5 (HIGH). The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vul...
How severe is CVE-2007-4658?
CVE-2007-4658 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4658?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.