CRLF injection vulnerability in the mail function in Dotdeb PHP prior to 5.2.0 Rev 3 allows remote malicious users to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dotdeb dotdeb php 4.4 |
||
dotdeb dotdeb php 5.0 |
||
dotdeb dotdeb php 5.1 |
||
dotdeb dotdeb php 5.2 |
||
dotdeb dotdeb php 4.4.3 |
||
dotdeb dotdeb php 4.4.4 |