CVE-2006-7087
Description
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CRLF injection in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to inject arbitrary email headers via the PHP_SELF variable.
Vulnerability
The mail function in Dotdeb PHP versions before 5.2.0 Rev 3 is vulnerable to CRLF injection. The protection scheme meant to prevent header injection can be bypassed by including CRLF sequences (%0d%0a) in the query string, which is processed via the PHP_SELF variable [1].
Exploitation
An attacker can send a crafted HTTP request to a server running the vulnerable Dotdeb PHP version, embedding CRLF sequences in the query string. When the mail function is invoked, the PHP_SELF variable containing the injected sequence is used, allowing arbitrary email headers to be appended [1]. No authentication is required.
Impact
Successful exploitation enables an attacker to inject arbitrary email headers, potentially leading to email spoofing, content manipulation, or additional attacks such as SMTP injection if the mail transfer agent processes the injected headers [1].
Mitigation
Upgrade to Dotdeb PHP 5.2.0 Rev 3 or later, where the CRLF filtering in PHP_SELF is correctly applied [1]. No workaround is documented for unpatched versions.
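Independently of the package fix, the root cause is a request-derived value (here PHP_SELF) reaching a mail header without CR/LF checks. The following added example is not from the advisory or from Dotdeb: it shows that concatenation pattern beside a hardened variant that refuses CR/LF in any header value before the string is handed to mail(); the sender address, header name and sample paths are constructed values.

```php
<?php
// Added example, not from the Dotdeb advisory. Demonstrates why a
// request-derived value such as PHP_SELF must never reach a mail header
// unchecked, and a hardened variant that rejects CR/LF.

// Vulnerable pattern: the value is concatenated straight into the headers
// later passed as mail()'s additional-headers argument. If it contains
// "\r\n" (URL-encoded %0d%0a in the request), everything after that
// sequence becomes an additional header line.
function build_headers_unsafe(string $phpSelf): string
{
    return "From: noreply@example.test\r\n"
         . "X-Originating-Page: " . $phpSelf;
}

// Hardened: reject any CR or LF in a header value rather than trying to
// strip or re-encode it.
function safe_header_value(string $value): string
{
    if (preg_match('/[\r\n]/', $value) === 1) {
        throw new InvalidArgumentException('CR/LF not allowed in a mail header value');
    }
    return $value;
}

function build_headers_safe(string $phpSelf): string
{
    return "From: noreply@example.test\r\n"
         . "X-Originating-Page: " . safe_header_value($phpSelf);
}

// Constructed sample values, already URL-decoded as the server would expose them.
$benign  = '/contact.php';
$hostile = "/contact.php\r\nX-Injected: yes";

// Split each result on CRLF to make the extra header line visible.
foreach (explode("\r\n", build_headers_unsafe($hostile)) as $line) {
    echo "unsafe: ", $line, "\n";
}
try {
    build_headers_safe($hostile);
} catch (InvalidArgumentException $e) {
    echo "safe: rejected, ", $e->getMessage(), "\n";
}
echo build_headers_safe($benign), "\n";
```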
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:dotdeb:dotdeb_php:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:dotdeb:dotdeb_php:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:dotdeb:dotdeb_php:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:dotdeb:dotdeb_php:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:dotdeb:dotdeb_php:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:dotdeb:dotdeb_php:5.2:*:*:*:*:*:*:*
- Range: <5.2.0 Rev 3
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.dotdeb.org/news/severe_security_hole_in_php_packages (NVD: Patch, Vendor Advisory)
- www.securityfocus.com/bid/21075 (NVD: Patch, Vendor Advisory)
- lists.grok.org.uk/pipermail/full-disclosure/2006-November/050712.html (NVD: Vendor Advisory)
- secunia.com/advisories/22877 (NVD: Vendor Advisory)
- www.hardened-php.net/advisory_142006.139.html (NVD: Vendor Advisory)
- www.securityfocus.com/archive/1/451528/100/0/threaded (NVD)
- www.securityfocus.com/archive/1/451839/100/0/threaded (NVD)
- www.vupen.com/english/advisories/2006/4531 (NVD)
- exchange.xforce.ibmcloud.com/vulnerabilities/30251 (NVD)
News mentions
No linked articles in our index yet.