Description
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-5072 Vulnerability (CVE-2012-5072)
OpenSSL Other Vulnerability (CVE-2015-0209)
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-15013)
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4226)
Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426)