CVE-2006-7087 - Unspecified vulnerability in Dotdeb PHP
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html
- http://secunia.com/advisories/22877
- http://www.dotdeb.org/news/severe_security_hole_in_php_packages
- http://www.hardened-php.net/advisory_142006.139.html
- http://www.securityfocus.com/archive/1/451528/100/0/threaded
- http://www.securityfocus.com/archive/1/451839/100/0/threaded
- http://www.securityfocus.com/bid/21075
- http://www.vupen.com/english/advisories/2006/4531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30251