Description

Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.

Remediation

References

CVE-2006-4154

Related Vulnerabilities

WordPress Plugin Popup Anything-A Marketing Popup Cross-Site Scripting (2.0.3)

YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)

WordPress Plugin Appointment Scheduling for Zoom GoogleMeet and more-Wappointment Cross-Site Scripting (2.2.4)

Severity

Medium

Classification

CVE-2006-4154

Tags

Missing Update Known Vulnerabilities