Description
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Remediation
References
Related Vulnerabilities
ReviveAdserver Session Fixation Vulnerability (CVE-2016-9125)
WordPress Plugin Admin Custom Login Cross-Site Scripting (2.5.3.1)
WordPress Plugin Fonts-Google Fonts Typography Cross-Site Scripting (3.0.2)
WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll PHP Object Injection (1.5.5)
Squid Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9749)