- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 29784
- Проверка EDB
-
- Пройдено
- Автор
- STEFAN ESSER
- Тип уязвимости
- REMOTE
- Платформа
- PHP
- CVE
- cve-2007-1718 cve-2007-1717
- Дата публикации
- 2007-11-26
PHP 5.2.1 - Folded Mail Headers Email Header Injection
PHP:
source: https://www.securityfocus.com/bid/23145/info
PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages.
Exploiting this issue allows a malicious user to create arbitrary email headers, and then create and transmit spam messages from the affected computer.
The following versions are vulnerable:
PHP 4 up to and including 4.4.6
PHP 5 up to and including 5.2.1
<?php
mail("test@domain(dot)com", "Test\r\n \nAnother-Header: Blub", "Message");
?>- Источник
- www.exploit-db.com
