CVE-2007-1717

PHP <4.4.7 and <5.2.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1717.

AI-analyzed exploit summary This exploit demonstrates an email-header-injection vulnerability in PHP's mail() function by injecting arbitrary headers via CRLF sequences. It allows attackers to manipulate email headers, potentially enabling spam or phishing attacks.

Description

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.

Exploits (1)

exploitdb WORKING POC

phpremotephp

https://www.exploit-db.com/exploits/29784

View Code ZIP pw:eip

This exploit demonstrates an email-header-injection vulnerability in PHP's mail() function by injecting arbitrary headers via CRLF sequences. It allows attackers to manipulate email headers, potentially enabling spam or phishing attacks.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: PHP 4 up to 4.4.6, PHP 5 up to 5.2.1

No auth needed

Prerequisites: Access to a vulnerable PHP installation with mail() function enabled

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1059.004 - Unix Shell

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/2732

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25056

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/33518

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200705-19.xml

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23146

Exploit x_refsource_misc

http://www.php-security.org/MOPB/MOPB-33-2007.html

Release Notes x_refsource_confirm

http://us2.php.net/releases/4_4_7.php

Release Notes x_refsource_confirm

http://us2.php.net/releases/5_2_2.php

Vendor Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=306172

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25159

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25445

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2007_32_php.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26235

Scores

EPSS 0.0465

EPSS Percentile 90.6%

Details

Status published

Products (36)

php/php 4.0 (8 CPE variants)

php/php 4.0.0

php/php 4.0.1 (3 CPE variants)

php/php 4.0.2

php/php 4.0.3 (2 CPE variants)

php/php 4.0.4 (2 CPE variants)

php/php 4.0.5

php/php 4.0.6

php/php 4.0.7 (4 CPE variants)

php/php 4.1.0

... and 26 more

Published Mar 28, 2007

Tracked Since Feb 18, 2026