QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-1718

Back to search

CVE-2007-1718

Published: Mar 28, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.

VendorProductVersions

n/a

n/a

affected
n/a

References

23145
vdb-entry
x_refsource_BID
25056
third-party-advisory
x_refsource_SECUNIA
DSA-1283
vendor-advisory
x_refsource_DEBIAN
oval:org.mitre.oval:def:10951
vdb-entry
signature
x_refsource_OVAL
GLSA-200705-19
vendor-advisory
x_refsource_GENTOO
1017946
vdb-entry
x_refsource_SECTRACK
RHSA-2007:0162
vendor-advisory
x_refsource_REDHAT
25062
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:090
vendor-advisory
x_refsource_MANDRIVA
USN-455-1
vendor-advisory
x_refsource_UBUNTU
24909
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:087
vendor-advisory
x_refsource_MANDRIVA
DSA-1282
vendor-advisory
x_refsource_DEBIAN
24924
third-party-advisory
x_refsource_SECUNIA
RHSA-2007:0155
vendor-advisory
x_refsource_REDHAT
24965
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:089
vendor-advisory
x_refsource_MANDRIVA
25445
third-party-advisory
x_refsource_SECUNIA
25057
third-party-advisory
x_refsource_SECUNIA
SUSE-SA:2007:032
vendor-advisory
x_refsource_SUSE
25025
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:088
vendor-advisory
x_refsource_MANDRIVA
RHSA-2007:0153
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now