Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

Remediation

References

CVE-2007-1718

Related Vulnerabilities

WordPress Plugin Google XML Sitemap for Videos Cross-Site Request Forgery (2.6.1)

WordPress Plugin WordPress Mobile app Builder-Convert WordPress site to native mobile apps Arbitrary File Upload (1.05)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-39151)

Moodle Other Vulnerability (CVE-2006-4940)

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

Severity

High

Classification

CVE-2007-1718

Tags

Missing Update Known Vulnerabilities