2.6
CVE-2007-2509
- EPSS 2.07%
- Veröffentlicht 09.05.2007 00:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.07% | 0.789 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://secunia.com/advisories/26048
http://secunia.com/advisories/25445
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://secunia.com/advisories/25255
http://www.trustix.org/errata/2007/0017/
http://secunia.com/advisories/25187
http://secunia.com/advisories/25191
http://secunia.com/advisories/25660
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
http://www.redhat.com/support/errata/RHSA-2007-0349.html
http://www.redhat.com/support/errata/RHSA-2007-0355.html
http://www.securityfocus.com/bid/23813
http://www.vupen.com/english/advisories/2007/2187
https://rhn.redhat.com/errata/RHSA-2007-0348.html
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://secunia.com/advisories/25318
http://secunia.com/advisories/25365
http://secunia.com/advisories/25372
http://secunia.com/advisories/26967
http://secunia.com/advisories/27351
http://securityreason.com/securityalert/2672
http://www.debian.org/security/2007/dsa-1295
http://www.debian.org/security/2007/dsa-1296
http://www.redhat.com/support/errata/RHSA-2007-0888.html
http://www.securityfocus.com/archive/1/463596/100/0/threaded
http://www.securityfocus.com/bid/23818
http://www.securitytracker.com/id?1018022
http://www.ubuntu.com/usn/usn-462-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/34413
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839