CVE-2006-7087 - Unspecified vulnerability in Dotdeb PHP
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: PARTIAL
- Availability impact: NONE

Summary
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html
- http://secunia.com/advisories/22877
- http://www.dotdeb.org/news/severe_security_hole_in_php_packages
- http://www.hardened-php.net/advisory_142006.139.html
- http://www.securityfocus.com/archive/1/451528/100/0/threaded
- http://www.securityfocus.com/archive/1/451839/100/0/threaded
- http://www.securityfocus.com/bid/21075
- http://www.vupen.com/english/advisories/2006/4531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30251