Description
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
Remediation
References
Related Vulnerabilities
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5540)
WordPress Plugin RSVPMaker for Toastmasters Cross-Site Request Forgery (3.3.4)
ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)
OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2024-6119)