CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Dotdeb_php | Dotdeb | 4.4.4 | 4.4.4 |
Dotdeb_php | Dotdeb | 5.2 | 5.2 |
Dotdeb_php | Dotdeb | 4.4.3 | 4.4.3 |
Dotdeb_php | Dotdeb | 5.0 | 5.0 |
Dotdeb_php | Dotdeb | 5.1 | 5.1 |
Dotdeb_php | Dotdeb | 4.4 | 4.4 |