CVE-2006-7087

2007-03-02T16:18:00
ID CVE-2006-7087
Type cve
Reporter NVD
Modified 2017-07-28T21:29:49

Description

CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.