CVE-2006-7087

CVE-2006-7087 affects Dotdeb PHP prior to 5.2.0 Rev 3. It describes a CRLF injection vulnerability in the mail() function allowing remote attackers to bypass protections and inject arbitrary email headers via CRLF sequences in the query string processed through the PHP_SELF variable. Demonstrated...