Description
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Remediation
References
Related Vulnerabilities
TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228)
SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3895)
WordPress Plugin Portfolio by BestWebSoft Cross-Site Scripting (2.39)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-21336)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5447)