Description
The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.
Affected PHP versions (up to 4.2.2).
Remediation
Upgrade PHP to the latest version.
References
Related Vulnerabilities
Oracle JRE CVE-2012-5088 Vulnerability (CVE-2012-5088)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2017-15286)
Joomla Other Vulnerability (CVE-2006-6834)
WordPress Plugin Pricing Table by Supsystic Cross-Site Request Forgery (1.8.0)
WordPress Plugin IgniteUp-Coming Soon and Maintenance Mode Multiple Vulnerabilities (3.4)