Security Advisory

CVE-2007-1718

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-03-28 00:00:00

Last updated 2024-08-07 13:06:26

Assigner mitre

State PUBLISHED

Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "rntn" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

← Browse all CVEs View on cve.org ↗