← CVECheck
HomeVulnerabilities

CVE-2000-0967 — HIGH severity vulnerability (PHP 3 and 4 do not properly cleanse user-injected format str)

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

CVE IDCVE-2000-0967
SeverityHIGH
CVSS score10.0
CVSS vectorAV:N/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2000-12-19
Last modified2026-04-16
DescriptionPHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →