PHP error logging format string vulnerability
Description
This alert was generated using only banner information. It may be a false positive.
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Remediation
Upgrade to the latest version of PHP.