php-gettext php code execution in select_string, ngettext, npgettext count parameter <1.0.12

Posted by crashenator on Aug 16

CERT ID – VU#520504 (pending since 2015)
Product – php-gettext
Company – Danilo Segan
Name – php-gettext php code execution
Versions – <1.0.12
Patched – 11/11/2015
Ref: https://launchpad.net/php-gettext/trunk/1.0.12
Vulnerability – “code injection into the ngettext family of calls:
evaluating the plural form formula can execute arbitrary code if number
is passed unsanitized from the untrusted user.”
Description –
In 1.0.11 and…
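
A call-site guard for the condition the advisory names (a count reaching the ngettext family of calls unsanitized from the user), as an added example that is not part of the original post or of php-gettext. `plural_count`, `safe_plural` and the stand-in `$translate` closure are hypothetical names, and the 9-digit limit is an assumption chosen to stay within 32-bit integers.

```php
<?php
declare(strict_types=1);

// Added example: reduce an untrusted plural count to a plain int, or null.
function plural_count($raw, int $max = 999999999): ?int
{
    if (is_int($raw)) {
        return ($raw >= 0 && $raw <= $max) ? $raw : null;
    }
    if (!is_string($raw)) {
        return null; // arrays (?n[]=1), floats, bools, null, objects
    }
    // Digits only, at most 9: no sign, whitespace, exponent or trailing text,
    // and no overflow on 32-bit builds.
    if (!preg_match('/\A(?:0|[1-9][0-9]{0,8})\z/', $raw)) {
        return null;
    }
    $n = (int) $raw;
    return $n <= $max ? $n : null;
}

// Hypothetical wrapper: $translate is whatever ngettext-style function the
// application uses; it only ever receives a validated int.
function safe_plural(callable $translate, string $one, string $many, $raw): string
{
    $n = plural_count($raw);
    if ($n === null) {
        throw new InvalidArgumentException('plural count must be a non-negative integer');
    }
    return $translate($one, $many, $n);
}

// Stand-in translator so the example runs without php-gettext installed.
$translate = function (string $one, string $many, int $n): string {
    return sprintf($n === 1 ? $one : $many, $n);
};

// Constructed sample inputs, as they might arrive from a request.
$samples = ['3', '1', 0, '-1', '2abc', ' 4', '1e3', ['5'], '99999999999'];
foreach ($samples as $raw) {
    try {
        echo safe_plural($translate, '%d file', '%d files', $raw), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($raw), "\n";
    }
}
```

The guard complements upgrading to the patched 1.0.12 release listed above; it does not replace it.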
