Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2025-1734)

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

Remediation

References

Related Vulnerabilities

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)

WeBid Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-32166)

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

LimeSurvey CVE-2019-16180 Vulnerability (CVE-2019-16180)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

Severity

Medium

Classification

CVE-2025-1734 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities