Описание
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php-gettext | fixed | 1.0.12-1 | package | |
| php-gettext | no-dsa | buster | package | |
| php-gettext | no-dsa | stretch | package | |
| php-gettext | no-dsa | jessie | package | |
| php-gettext | no-dsa | wheezy | package |
Примечания
https://bugs.launchpad.net/php-gettext/+bug/1606184
https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 9 лет назад
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
CVSS3: 9.8
nvd
около 9 лет назад
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
CVSS3: 9.8
github
больше 3 лет назад
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.