CVE-2007-1452 | Vulnerability Database | Aqua Security

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	5.0-rc1 (including)	5.0-rc1 (including)
Php	Php	5.0-rc2 (including)	5.0-rc2 (including)
Php	Php	5.0-rc3 (including)	5.0-rc3 (including)
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.3 (including)	5.1.3 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)
Php	Php	5.1.6 (including)	5.1.6 (including)
Php	Php	5.2.0 (including)	5.2.0 (including)

References

http://www.php-security.org/MOPB/MOPB-17-2007.html
http://www.securityfocus.com/bid/22906
http://www.php-security.org/MOPB/MOPB-17-2007.html
http://www.securityfocus.com/bid/22906

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1452
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html