CVE-2006-7087 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-7087
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-7087

Description: CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/30251 SAID Secunia Advisory: SA22877 MISC http://www.hardened-php.net/advisory_142006.139.html FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html CONFIRM http://www.dotdeb.org/news/severe_security_hole_in_php_packages BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/451528/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/451839/100/0/threaded BID 21075

Return to the previous page.