"1) Input passed to the session ID in the session extension isn't properly sanitised before being returned to the user via a "Set-Cookie" HTTP header. 2) A format string error in the processing of error messages in the mysqli extension may be exploited to execute arbitrary code by causing an exception in an application where the error message can be controlled by the attacker. 3) Some unspecified input passed under certain error conditions isn't properly sanitised before being returned to the user."
These affected PHP <5.1.2.