CVE-2005-3883

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.1.0

Description The issue is related to a CRLF injection vulnerability in the mb send mail function. This could allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the To address argument.

Recommendations For PHP versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing the To address argument to prevent line feeds (LF) from being injected. Restrict access to the mb send mail function to minimize the risk of exploitation.