Description

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.

Remediation

References

CVE-2007-1900

Related Vulnerabilities

OpenSSL Other Vulnerability (CVE-2016-0705)

Oracle HTTP Server Other Vulnerability (CVE-2006-5346)

Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

WordPress Plugin Slimstat Analytics SQL Injection (5.0.4)

WordPress Plugin BuddyPress 'page' Parameter SQL Injection (1.5.4)

Severity

Medium

Classification

CVE-2007-1900

Tags

Missing Update Known Vulnerabilities