CVE-2007-1718 (retired)

Priority
Description
CRLF injection vulnerability in the mail function in PHP 4.0.0 through
4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary
e-mail headers and possibly conduct spam attacks via a control character
immediately following folding of the (1) Subject or (2) To parameter, as
demonstrated by a parameter containing a "\r\n\t\n" sequence, related to an
increment bug in the SKIP_LONG_HEADER_SEP macro.
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2019-09-19 15:07:51 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)