CVE

CVE-2007-2509

Date: (C)2007-05-08   (M)2017-10-12 


CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

CVSS Score: 2.6
Exploit Score: 4.9
Impact Score: 2.9
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE





Reference:
SECTRACK-1018022
2007-0017
http://www.securityfocus.com/archive/1/archive/1/463596/100/0/threaded
BID-23813
BID-23818
SECUNIA-25187
SECUNIA-25191
SECUNIA-25255
SECUNIA-25318
SECUNIA-25365
SECUNIA-25372
SECUNIA-25445
SECUNIA-25660
SECUNIA-26048
SREASON-2672
SECUNIA-26967
SECUNIA-27351
ADV-2007-2187
DSA-1295
DSA-1296
GLSA-200705-19
MDKSA-2007:102
MDKSA-2007:103
RHSA-2007:0348
RHSA-2007:0349
RHSA-2007:0355
RHSA-2007:0888
RHSA-2007:0889
SUSE-SA:2007:044
USN-462-1
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
php-ftpputcmd-crlf-injection(34413)

CPE    50
cpe:/a:php:php:5.1
cpe:/a:php:php:4.3
cpe:/a:php:php:5.1.4
cpe:/a:php:php:5.1.5
...
CWE    1
CWE-20

© 2013 SecPod Technologies