Posted by crashenator on Aug 16
CERT ID – VU#520504 (pending since 2015)
Product – php-gettext
Company – Danilo Segan
Name – php-gettext php code execution
Versions – <1.0.12
Patched – 11/11/2015
Ref: https://launchpad.net/php-gettext/trunk/1.0.12
Vulnerability – “code injection into the ngettext family of calls:
evaluating the plural form formula can execute arbitrary code if number
is passed unsanitized from the untrusted user.”
Description –
In 1.0.11 and…