CVE-2006-7087

Name of the Vulnerable Software and Affected Versions Dotdeb PHP versions prior to 5.2.0 Rev 3

Description The issue allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP SELF variable. This occurs due to a CRLF injection vulnerability in the mail function.

Recommendations For versions prior to 5.2.0 Rev 3, update to version 5.2.0 Rev 3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mail function to minimize the risk of exploitation. Avoid using CRLF sequences in the query string until the issue is resolved.