Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP ext/filter FDF Post数据过滤绕过漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP新实现的ext/filter FDF扩展实现上存在漏洞,远程攻击者可能利用此绕过用户数据过滤,从而在服务器上执行各种注入攻击。 根据设计,PHP的内容过滤钩子会在所有解析用户输入并注册为变量的地方添加对输入过滤器的调用,以确定如何处理这些变量,但添加对其他POST内容类型支持的所有扩展也需要实现钩子,否则数据就会绕过过滤。如果安装了ext/fdf的话PHP就会捆绑一个对FDF POST数据格式的扩展,但没有调用输入过滤器
CVSS Information
N/A
Vulnerability Type
N/A