Description

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

Remediation

References

CVE-2007-2509

Related Vulnerabilities

Drupal Core 5.x SQL Injection (5.0 - 5.3)

Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)

PHP Improper Input Validation Vulnerability (CVE-2008-7068)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6112)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7927)

Severity

Low

Classification

CVE-2007-2509 CWE-20

Tags

Missing Update Known Vulnerabilities