PHP Multiple Vulnerabilities Fixed in version 5.2.2

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: May 03, 2007
Added: August 26, 2008
Modified: May 26, 2016

Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.
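An application-level guard for the To and Subject arguments, as an added example (not PHP's internal code and not part of the original advisory). It accepts a properly folded value but rejects any control character left after unfolding, which covers the "\r\n\t\n" sequence named above; the function names `header_value_is_safe` and `safe_mail` and the sample values are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

/**
 * Return true when $value is safe to pass as mail()'s To or Subject argument.
 * Legitimate folding (CRLF directly followed by space or tab) is tolerated;
 * any other CR, LF or control character is treated as an injection attempt.
 */
function header_value_is_safe($value)
{
    // Unfold: drop each CRLF that is immediately followed by whitespace.
    $unfolded = preg_replace('/\r\n(?=[ \t])/', '', $value);
    if ($unfolded === null) {
        return false; // regex engine error: fail closed
    }
    // After unfolding, only tab (0x09) is allowed among control characters.
    return preg_match('/[\x00-\x08\x0A-\x1F\x7F]/', $unfolded) === 0;
}

/**
 * Wrapper that validates To and Subject before handing them to mail().
 */
function safe_mail($to, $subject, $body)
{
    foreach (array('To' => $to, 'Subject' => $subject) as $name => $value) {
        if (!header_value_is_safe($value)) {
            error_log("mail rejected: control character in $name");
            return false;
        }
    }
    return mail($to, $subject, $body);
}

// Constructed sample values: only the validator is exercised, no mail is sent.
$samples = array(
    "Quarterly report",                      // plain value
    "Quarterly report\r\n for the team",     // legitimate folding
    "Re: status\r\n\t\nX-Injected: 1",       // control char right after folding
    "Hello\r\nBcc: someone@example.test",    // bare CRLF, no folding whitespace
);

foreach ($samples as $s) {
    printf("%-45s %s\n", json_encode($s),
        header_value_is_safe($s) ? "accepted" : "rejected");
}
```

The first two samples are accepted and the last two are rejected. A guard like this complements the upgrade listed under Solution and does not replace it.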

Solution

php-upgrade-5_2_2
