• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP MB_Send_Mail TO Argument Header Injection Vulnerability

PHP is susceptible to a header-injection vulnerability when sending email. This issue is due to the application's failure to properly sanitize user-supplied input.

This issue allows remote attackers to add arbitrary headers to generated email messages. The results of this vary depending on the meaning of the injected headers. This may allow attackers to use vulnerable web applications as an anonymous email proxy.