NuytsTech Security

CVE-2015-8617

by ·

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

Date published : 2016-01-18

http://php.net/ChangeLog-7.php

https://bugs.php.net/bug.php?id=71105

Tags: