CVE-2015-8980

Опубликовано: 04 нояб. 2019

Источник: debian

Описание

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

Пакет	Статус	Версия исправления	Релиз	Тип
php-gettext	fixed	1.0.12-0.1		package
php-gettext	no-dsa		jessie	package
php-gettext	no-dsa		wheezy	package
phpmyadmin	fixed	4:4.6.6-1		package

For phpmyadmin, unimportant, since embeds lib but does not use in exploitable way
http://seclists.org/fulldisclosure/2016/Aug/76
Upstream patch: https://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/61

CVE-2015-8980

CVSS3: 9.8

ubuntu

больше 6 лет назад

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

CVE-2015-8980

CVSS3: 9.8

nvd

больше 6 лет назад

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

GHSA-gxcv-w2wp-7xvm

CVSS3: 9.8

github

больше 3 лет назад

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

openSUSE-SU-2017:0372-1

suse-cvrf

около 9 лет назад

Security update for phpMyAdmin