6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.3%
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
www.php-security.org/MOPB/MOPB-17-2007.html
www.securityfocus.com/bid/22906