Description

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Remediation

References

CVE-2007-1452

Related Vulnerabilities

WordPress Plugin Contact Form Integrated With Google Maps Cross-Site Scripting (2.4)

PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2016-3074)

WordPress Plugin Simply Instagram Cross-Site Scripting (1.2.6)

WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34008)

Severity

Medium

Classification

CVE-2007-1452

Tags

Missing Update Known Vulnerabilities