Description

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Remediation

References

CVE-2005-3883

Related Vulnerabilities

WordPress Plugin White Label CMS Cross-Site Scripting (1.5.2)

WordPress Plugin Retain Live Chat Cross-Site Scripting (0.1)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

PHP Other Vulnerability (CVE-2015-7803)

Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1582)

Severity

Medium

Classification

CVE-2005-3883

Tags

Missing Update Known Vulnerabilities