PT-2007-3245 · Php+1
Published: 2007-04-10 · Updated: 2017-10-11
CVE-2007-1900
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
PHP versions 5.2.0 through 5.2.1
Description:
A CRLF injection issue exists due to an incorrect regular expression used in the FILTER_VALIDATE_EMAIL filter. This allows attackers to inject arbitrary e-mail headers via an e-mail address containing a '\n' character, potentially enabling them to send unsolicited e-mail from the host.
Recommendations:
For PHP versions 5.2.0 and 5.2.1, consider disabling the FILTER_VALIDATE_EMAIL filter until a patch is available to prevent exploitation. Restrict the use of the ext/filter extension to minimize the risk of malicious mail header injection. Do not pass e-mail addresses containing newline characters to the affected filter, so that the regular expression cannot be bypassed.
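An added example (not taken from the advisory or from PHP's source) of the class of mistake described above and of a check that does not rely on the filter: in PCRE, `$` also matches just before a final newline unless the `D` modifier is set. The patterns are simplified stand-ins, not PHP's actual e-mail regex, and `header_safe_email` is a hypothetical helper name; the syntax assumes PHP 7.1 or later.

```php
<?php
// Added illustration. Simplified stand-in patterns, NOT PHP's real e-mail regex.
// "$" without "D" also matches immediately before a trailing "\n".
const LOOSE_PATTERN  = '/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/i';
// With "D" (PCRE_DOLLAR_ENDONLY), "$" matches only at the very end of the subject.
const STRICT_PATTERN = '/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$/iD';

/**
 * Hypothetical helper: return an address that is safe to place in a mail
 * header, or null. CR, LF and NUL are rejected before validation, so the
 * outcome does not depend on how the installed FILTER_VALIDATE_EMAIL
 * treats newlines.
 */
function header_safe_email(string $input): ?string
{
    if (preg_match('/[\r\n\0]/', $input)) {
        return null;
    }
    $email = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Constructed sample inputs.
$samples = [
    'plain'            => 'user@example.com',
    'trailing newline' => "user@example.com\n",
    'embedded CRLF'    => "user@example.com\r\nX-Test: 1",
];

foreach ($samples as $label => $value) {
    printf(
        "%-17s loose=%d strict=%d header_safe=%s\n",
        $label,
        preg_match(LOOSE_PATTERN, $value),
        preg_match(STRICT_PATTERN, $value),
        var_export(header_safe_email($value) !== null, true)
    );
}
```

Only the loose pattern accepts the address with the trailing newline; the strict pattern and the helper reject both newline-bearing samples.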
Affected products:
Hp-Ux
Php