Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Other Vulnerability (CVE-2002-1783)

Description

CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.

Remediation

References

Related Vulnerabilities

Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)

Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-5145)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4542)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)

WordPress Plugin Admin renamer extended Cross-Site Request Forgery (3.2.1)

Severity

Medium

Classification

CVE-2002-1783

Tags

Missing Update Known Vulnerabilities