Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP Filter_Var函数FILTER_VALIDATE_EMAIL注入换行漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的ext/filter扩展在使用正则表达式库时存在漏洞,远程攻击者可能利用此漏洞输入恶意邮件。 PHP的ext/filter扩展内部对正则表达式使用了PCRE库。在FILTER_VALIDATE_EMAIL过滤器中没有使用"D"修饰符,而如果PCRE正则表达式中没有使用"D"修饰符的话,"$"的意思就不是"标题的末尾",而是"标题的末尾或接近带有单个换行符的末尾",这样恶意用户就可以在邮件头中注入换行符。
CVSS Information
N/A
Vulnerability Type
N/A