Vigil@nce - PHP: hearder injection via imap_mail_compose
May 2021 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer/Computer-vulnerabilities-watch-and-alert
SYNTHESIS OF THE VULNERABILITY
– Impacted products: Fedora, PHP.
– Severity: 1/4.
– Consequences: data creation/edition, disguisement.
– Provenance: user account.
– Confidence: confirmed by the editor (5/5).
– Creation date: 30/04/2021.
DESCRIPTION OF THE VULNERABILITY
An attacker can inject mail headers via imap_mail_compose of PHP.
ACCESS TO THE FULL VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/PHP-hearder-injection-via-imap-mail-compose-35211