EUVD-2007-1446

The FDF support ext/fdf in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST...

MOPB-17-2007:PHP ext/filter FDF Post Bypass Vulnerability

Summary Since PHP 5.2.0 there is a new filtering extension in PHP that is on the one hand supposed to be used by applications to filter user input and on the other hand able to enforce site wide filtering. However due to its broken design it is possible to sneak POST data through the site wide...