PHP mail function ASCII control character header spoofing vulnerability

  • This alert was generated using only banner information. It may be a false positive.

    The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.

    Affected PHP versions (up to 4.2.2).
  • Upgrade PHP to the latest version.