CVE-2007-2509

Name	CVE-2007-2509
Description	CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1295-1, DSA-1296-1, DTSA-39-1, DTSA-40-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
php4	source	sarge	4:4.3.10-21		DSA-1296-1
php4	source	etch	6:4.4.4-8+etch3		DSA-1296-1
php4	source	lenny	6:4.4.4-9+lenny1		DTSA-40-1
php4	source	(unstable)	4.4.7-1	low
php5	source	etch	5.2.0-8+etch4		DSA-1295-1
php5	source	lenny	5.2.0-10+lenny1		DTSA-39-1
php5	source	(unstable)	5.2.2-1	low