[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1718Date: (C)2007-03-27   (M)2023-12-22


CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a " " sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: COMPLETE
Availability: NONE
  
Reference:
SECTRACK-1017946
BID-23145
SECUNIA-24909
SECUNIA-24924
SECUNIA-24965
SECUNIA-25025
SECUNIA-25056
SECUNIA-25057
SECUNIA-25062
SECUNIA-25445
DSA-1282
DSA-1283
GLSA-200705-19
MDKSA-2007:087
MDKSA-2007:088
MDKSA-2007:089
MDKSA-2007:090
RHSA-2007:0153
RHSA-2007:0155
RHSA-2007:0162
SUSE-SA:2007:032
USN-455-1
http://us2.php.net/releases/5_2_2.php
http://www.php-security.org/MOPB/MOPB-34-2007.html
oval:org.mitre.oval:def:10951
php-mailfunction-header-injection(33516)

CPE    62
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
cpe:/a:php:php:5.1.4
...

© SecPod Technologies