CVE-2007-1900
PHP 5.2.0-5.2.1 - CRLF Injection via FILTER_VALIDATE_EMAIL Filter
Title source: llmDescription
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
References (27)
Core 27
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26231
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25056
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27110
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1283
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/33962
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200705-19.xml
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2016
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33510
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25062
Vendor Advisory x_refsource_misc
http://www.php-security.org/MOPB/PMOPB-45-2007.html
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24824
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2007/0023/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-455-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3386
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27037
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
Release Notes x_refsource_confirm
http://www.php.net/releases/5_2_3.php
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25535
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27102
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25445
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23359
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25057
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_32_php.html
Scores
EPSS
0.0082
EPSS Percentile
74.5%
Details
Status
published
Products (2)
php/php
5.2.0
php/php
5.2.1
Published
Apr 10, 2007
Tracked Since
Feb 18, 2026