Description

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Remediation

References

CVE-2005-3883

Related Vulnerabilities

WordPress Plugin WooCommerce Checkout Manager Arbitrary File Upload (4.2.6)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Cross-Site Request Forgery (8.0.1)

WordPress Plugin WP Super Cache Cross-Site Scripting (1.7.2)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.5)

PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)

Severity

Medium

Classification

CVE-2005-3883

Tags

Missing Update Known Vulnerabilities