[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1900Date: (C)2007-04-10   (M)2023-12-22


CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a ' ' character, which causes a regular expression to ignore the subsequent part of the address string.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
2007-0023
BID-23359
SECUNIA-24824
SECUNIA-25056
SECUNIA-25057
SECUNIA-25062
SECUNIA-25445
SECUNIA-25535
SECUNIA-26231
SECUNIA-27037
SECUNIA-27102
SECUNIA-27110
OSVDB-33962
ADV-2007-2016
ADV-2007-3386
DSA-1283
FEDORA-2007-2215
GLSA-200705-19
GLSA-200710-02
SSA:2007-152-01
SSRT071447
SUSE-SA:2007:032
USN-455-1
http://www.php-security.org/MOPB/PMOPB-45-2007.html
http://www.php.net/releases/5_2_3.php
oval:org.mitre.oval:def:6067
php-filtervalidateemail-header-injection(33510)

CPE    2
cpe:/a:php:php:5.2.0
cpe:/a:php:php:5.2.1

© SecPod Technologies