Description

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Remediation

References

CVE-2007-1452

Related Vulnerabilities

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-3399)

WordPress Plugin Migration, Backup, Staging-WPvivid Cross-Site Scripting (0.9.55)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21692)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3747)

Severity

Medium

Classification

CVE-2007-1452

Tags

Missing Update Known Vulnerabilities