Description

CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.

Remediation

References

CVE-2002-1783

Related Vulnerabilities

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10210)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3562)

WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Cross-Site Scripting (1.8.14)

MySQL CVE-2022-21355 Vulnerability (CVE-2022-21355)

Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)

Severity

Medium

Classification

CVE-2002-1783

Tags

Missing Update Known Vulnerabilities