PHP mail function ASCII control character header spoofing vulnerability

Description
  • This alert was generated using only banner information. It may be a false positive.

    The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.

    Affected PHP versions (up to 4.2.2).
Remediation
  • Upgrade PHP to the latest version.
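
As defense in depth alongside the upgrade, an application can refuse ASCII control characters in any value bound for a mail header before it calls mail(). The PHP below is an added example, not part of the original advisory; has_control_chars() and safe_mail() are hypothetical helper names and the sample strings are constructed.

```php
<?php
// Added example: reject ASCII control characters before values reach mail().
// has_control_chars() and safe_mail() are hypothetical helper names.

// True if $value contains any ASCII control character (0x00-0x1F or 0x7F),
// which includes the CR and LF bytes that terminate a header line.
function has_control_chars($value)
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Validates every header-bound field, then hands off to mail().
// Returns false without sending if any field fails validation.
function safe_mail($to, $subject, $body, $headers = array())
{
    if (has_control_chars($to) || has_control_chars($subject)) {
        return false;
    }
    $lines = array();
    foreach ($headers as $name => $value) {
        // Header names: printable ASCII only, with no ':' and no space.
        if (preg_match('/^[\x21-\x39\x3B-\x7E]+$/', $name) !== 1) {
            return false;
        }
        if (has_control_chars($value)) {
            return false;
        }
        $lines[] = $name . ': ' . $value;
    }
    return mail($to, $subject, $body, implode("\r\n", $lines));
}

// Constructed sample inputs (not from the advisory).
$samples = array(
    'Monthly report',                // clean value
    "Monthly report\r\nX-Test: 1",   // CR LF would start a new header line
    "Monthly report\x00",            // NUL byte
);
foreach ($samples as $s) {
    echo has_control_chars($s) ? "rejected\n" : "accepted\n";
}
```

The check is deliberately strict: it also rejects tabs, so values that legitimately need folded header lines would have to be encoded before they are passed in.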
References