Description

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Remediation

References

CVE-2007-1452

Related Vulnerabilities

PostgreSQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2017-12172)

WordPress Plugin WP Posts Carousel Cross-Site Scripting (1.3.6)

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2046)

WordPress Plugin WP Migrate DB Security Bypass (0.6)

Squid Integer Overflow or Wraparound Vulnerability (CVE-2020-11945)

Severity

Medium

Classification

CVE-2007-1452

Tags

Missing Update Known Vulnerabilities