virus logo FortiClient Vulnerability

PHP CVE-2017-7272 Server Side Reqeust Forgery Vulnerability

description-logoDescription

PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.

affected-products-logoAffected Applications

PHP

CVE References

CVE-2017-7272

Other References

https://nvd.nist.gov/vuln/detail/CVE-2017-7272
ID 61984
Created Jan 09, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor PHP
Patch manual
Application PHP