CVE-2006-7087

CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.

Date published : 2007-02-27

http://www.securityfocus.com/bid/21075

http://www.securityfocus.com/archive/1/451528/100/0/threaded