CVE-2006-7087

2007-03-02T16:18:00
ID CVE-2006-7087
Type cve
Reporter NVD
Modified 2018-10-16T12:29:25

Description

CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.