• <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/>The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers. <br/><br/><span class="bb-navy"> Affected PHP versions (up to 4.2.2).</span><br/>

• Upgrade PHP to the latest version.

• • BID 5562
  • PHP homepage

• 

• CVE-2002-0986

• CWE-20

• Abuse Of Functionality Missing Update