Description
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)
WordPress Plugin PushEngage Web Push Notifications Cross-Site Scripting (1.5.8)
WordPress Plugin GD Star Rating 'wpfn' Parameter Cross-Site Scripting (1.9.8)
Jetty Other Vulnerability (CVE-2020-27216)
WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.1.02)