CVE-2007-1452

PHP <= 5.2.0 - Filter Bypass via FDF Formatted POST

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1452. PoCs published by Stefan Esser.

AI-analyzed exploit summary This PoC exploits CVE-2007-1452 by bypassing PHP's ext/filter FDF POST filter to inject malicious data (XSS and SQLi payloads) via crafted FDF content. It demonstrates how the filter can be evaded by sending data in FDF format instead of standard POST.

Description

The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Esser · phpremotemultiple
https://www.exploit-db.com/exploits/3452

This PoC exploits CVE-2007-1452 by bypassing PHP's ext/filter FDF POST filter to inject malicious data (XSS and SQLi payloads) via crafted FDF content. It demonstrates how the filter can be evaded by sending data in FDF format instead of standard POST.

Classification
Working Poc 95%
Attack Type
Xss | Sqli
Complexity
Moderate
Reliability
Reliable
Target: PHP (ext/filter) versions affected by CVE-2007-1452
No auth needed
Prerequisites: PHP with ext/filter enabled · Target endpoint accepting FDF POST data
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Various Sources x_refsource_misc
http://www.php-security.org/MOPB/MOPB-17-2007.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22906

Scores

EPSS 0.0515
EPSS Percentile 91.3%

Details

Status published
Products (15)
php/php 5.0 rc1 (3 CPE variants)
php/php 5.0.0
php/php 5.0.1
php/php 5.0.2
php/php 5.0.3
php/php 5.0.4
php/php 5.0.5
php/php 5.1.0
php/php 5.1.1
php/php 5.1.2
... and 5 more
Published Mar 14, 2007
Tracked Since Feb 18, 2026