← back
CVE-2005-3883

CVE-2005-3883

EPSS 3.1%
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://bugs.php.net/bug.php?id=35307http://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://secunia.com/advisories/17763http://secunia.com/advisories/18054http://secunia.com/advisories/18198http://secunia.com/advisories/19832http://secunia.com/advisories/20210http://secunia.com/advisories/20951http://securitytracker.com/id?1015296https://exchange.xforce.ibmcloud.com/vulnerabilities/23270https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332