CVE Vulnerabilities

CVE-2006-7087

Published: Mar 02, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.

Affected Software

Name Vendor Start Version End Version
Dotdeb_php Dotdeb 4.4.4 4.4.4
Dotdeb_php Dotdeb 5.2 5.2
Dotdeb_php Dotdeb 4.4.3 4.4.3
Dotdeb_php Dotdeb 5.0 5.0
Dotdeb_php Dotdeb 5.1 5.1
Dotdeb_php Dotdeb 4.4 4.4

References