// For flags

CVE-2007-1900

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '
' character, which causes a regular expression to ignore the subsequent part of the address string.

Vulnerabilidad de inyección CRLF (retorno de carro y nueva línea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electrónico de su elección mediante una dirección de correo con un carácter '
', lo cual provoca que una expresión regular ignore la correspondiente parte de la cadena de dirección.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-04-10 CVE Reserved
  • 2007-04-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (27)
URL Tag Source
http://secunia.com/advisories/25056 Third Party Advisory
http://secunia.com/advisories/25057 Third Party Advisory
http://secunia.com/advisories/25062 Third Party Advisory
http://secunia.com/advisories/25445 Third Party Advisory
http://secunia.com/advisories/25535 Third Party Advisory
http://secunia.com/advisories/26231 Third Party Advisory
http://secunia.com/advisories/27037 Third Party Advisory
http://secunia.com/advisories/27102 Third Party Advisory
http://secunia.com/advisories/27110 Third Party Advisory
http://www.osvdb.org/33962 Vdb Entry
http://www.php.net/releases/5_2_3.php X_refsource_confirm
http://www.securityfocus.com/bid/23359 Vdb Entry
http://www.vupen.com/english/advisories/2007/2016 Vdb Entry
http://www.vupen.com/english/advisories/2007/3386 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/33510 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 2017-10-11
http://secunia.com/advisories/24824 2017-10-11
http://security.gentoo.org/glsa/glsa-200705-19.xml 2017-10-11
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863 2017-10-11
http://www.debian.org/security/2007/dsa-1283 2017-10-11
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml 2017-10-11
http://www.novell.com/linux/security/advisories/2007_32_php.html 2017-10-11
http://www.php-security.org/MOPB/PMOPB-45-2007.html 2017-10-11
http://www.trustix.org/errata/2007/0023 2017-10-11
http://www.ubuntu.com/usn/usn-455-1 2017-10-11
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html 2017-10-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.0
Search vendor "Php" for product "Php" and version "5.2.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.1
Search vendor "Php" for product "Php" and version "5.2.1"
-
Affected