Описание
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
Ссылки
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:dotdeb:dotdeb_php:4.4:*:*:*:*:*:*:*
cpe:2.3:a:dotdeb:dotdeb_php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:dotdeb:dotdeb_php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:dotdeb:dotdeb_php:5.0:*:*:*:*:*:*:*
cpe:2.3:a:dotdeb:dotdeb_php:5.1:*:*:*:*:*:*:*
cpe:2.3:a:dotdeb:dotdeb_php:5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01402
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
EPSS
Процентиль: 80%
0.01402
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other