Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

Remediation

References

CVE-2007-1718

Related Vulnerabilities

WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)

WebLogic CVE-2020-2548 Vulnerability (CVE-2020-2548)

OpenSSL Improper Input Validation Vulnerability (CVE-2014-3513)

Moodle Configuration Vulnerability (CVE-2012-3392)

Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000195)

Severity

High

Classification

CVE-2007-1718

Tags

Missing Update Known Vulnerabilities