CRLF injection vulnerability in the ftp_putcmd function in PHP prior to 4.4.7, and 5.x prior to 5.2.2 allows remote malicious users to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 4.0.1 |
||
php php 4.0.7 |
||
php php 4.2.1 |
||
php php 4.2.2 |
||
php php 4.3.3 |
||
php php 4.3.4 |
||
php php 4.4.2 |
||
php php 4.4.3 |
||
php php 5.0.3 |
||
php php 5.0.4 |
||
php php 5.1.1 |
||
php php 5.1.2 |
||
php php 4.0.0 |
||
php php 4.0.4 |
||
php php 4.0.5 |
||
php php 4.0.6 |
||
php php 4.1.2 |
||
php php 4.2.0 |
||
php php 4.3.11 |
||
php php 4.3.2 |
||
php php 4.3.9 |
||
php php 4.4.0 |
||
php php 4.4.1 |
||
php php 5.0.1 |
||
php php 5.0.2 |
||
php php 5.1.0 |
||
php php 5.2.1 |
||
php php 4.0.2 |
||
php php 4.0.3 |
||
php php 4.2.3 |
||
php php 4.3.0 |
||
php php 4.3.5 |
||
php php 4.3.6 |
||
php php 4.4.4 |
||
php php 4.4.5 |
||
php php 5.0.5 |
||
php php 5.0 |
||
php php 5.1.3 |
||
php php 5.1.4 |
||
php php 4.1.0 |
||
php php 4.1.1 |
||
php php 4.3.1 |
||
php php 4.3.10 |
||
php php 4.3.7 |
||
php php 4.3.8 |
||
php php 4.4.6 |
||
php php 5.0.0 |
||
php php 5.1.5 |
||
php php 5.1.6 |
||
php php 5.2.0 |