Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-2509

Date: May 8, 2007

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.

Severity Score

Related Resources (39)

http://www.securitytracker.com/id?1018022
http://www.ubuntu.com/usn/usn-462-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-2509
http://www.redhat.com/support/errata/RHSA-2007-0349.html
https://rhn.redhat.com/errata/RHSA-2007-0348.html
http://www.redhat.com/support/errata/RHSA-2007-0888.html
https://nvd.nist.gov/vuln/detail/CVE-2007-2509
http://www.trustix.org/errata/2007/0017/
http://secunia.com/advisories/26967
http://secunia.com/advisories/25318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10839
http://rhn.redhat.com/errata/RHSA-2007-0889.html
http://securityreason.com/securityalert/2672
http://secunia.com/advisories/25255
http://secunia.com/advisories/26048
http://secunia.com/advisories/25191
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html
http://secunia.com/advisories/27351
http://secunia.com/advisories/25372
http://www.vupen.com/english/advisories/2007/2187
http://www.securityfocus.com/bid/23818
http://us2.php.net/releases/4_4_7.php
http://www.securityfocus.com/bid/23813
http://support.avaya.com/elmodocs2/security/ASA-2007-231.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:103
http://www.debian.org/security/2007/dsa-1296
http://www.debian.org/security/2007/dsa-1295
http://us2.php.net/releases/5_2_2.php
http://www.mandriva.com/security/advisories?name=MDKSA-2007:102
http://www.securityfocus.com/archive/1/463596/100/0/threaded
http://secunia.com/advisories/25365
https://access.redhat.com/security/cve/CVE-2007-2509
http://secunia.com/advisories/25660
http://secunia.com/advisories/25187
http://www.redhat.com/support/errata/RHSA-2007-0355.html
http://security.gentoo.org/glsa/glsa-200705-19.xml
http://secunia.com/advisories/25445
https://exchange.xforce.ibmcloud.com/vulnerabilities/34413
https://www.mend.io/vulnerability-database/CVE-2007-2509

Severity Score

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us