CVE-2005-3883
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
Date published : 2005-11-29
http://www.securityfocus.com/bid/15571
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm