Home > Vulnerability Database > CVE-2006-0200

Mend.io Vulnerability Database

CVE-2006-0200

Date: January 13, 2006

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Severity Score

8.1

Related Resources (13)

Url: http://securityreason.com/securityalert/337

Url: http://secunia.com/advisories/18431

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/24095

Url: http://www.vupen.com/english/advisories/2006/0177

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-0200

Url: http://www.php.net/release_5_1_2.php

Url: http://securitytracker.com/id?1015485

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-0200

Url: http://www.hardened-php.net/advisory_022006.113.html

Url: http://www.securityfocus.com/archive/1/421705/100/0/threaded

Url: http://www.vupen.com/english/advisories/2006/0369

Url: http://www.securityfocus.com/bid/16219

Url: https://www.mend.io/vulnerability-database/CVE-2006-0200

Severity Score

8.1

Weakness Type (CWE)

Use of Externally-Controlled Format String

CWE-134

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-0200

Date: January 13, 2006

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?