php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #17746 Injecting ASCII control characters into message header/body created with mail()
Submitted: 2002-06-13 12:40 UTC Modified: 2002-06-13 14:58 UTC
From: cliph at isec dot pl Assigned:
Status: Closed Package: Mail related
PHP Version: 4.2.1 OS: Any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: cliph at isec dot pl
New email:
PHP Version: OS:

 

 [2002-06-13 12:40 UTC] cliph at isec dot pl 
Injecting ASCII control characters into mail() arguments

Arbitrary ASCII control characters may be injected into string arguments of mail() function. If mail() arguments are takeon from user's input it may give the user ability to alter message content including mail headers.

Example of such a vulnerability:

http://www.php.net/mailling-lists.php?maillist=rcpt@foo.bar%0aFrom:%20spammer@oh.ah%0a%0aMAIL%20BODY%0a.%0a&email=a

:-)

PHP should do content filtering before creating message body sent with "sendmail -t" command.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-06-13 14:58 UTC] sesser@php.net 
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/. In case this was a documentation 
problem, the fix will show up soon at http://www.php.net/manual/.
In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites.
Thank you for the report, and for helping us make PHP better.



cvs commit message at:

http://lists.php.net/article.php?group=php.cvs&article=12348
 
PHP Copyright © 2001-2026 The PHP Group
All rights reserved. 		Last updated: Sat Feb 14 21:00:01 2026 UTC