
Hardened-PHP Project:
Dotdeb PHP Email Header Injection Vulnerability
November 14, 2006 @ 14:13:00

The Hardened-PHP Project has released another vulnerability advisory today, this one for the Dotdeb PHP package repository software. The issue allows email header injection.

It was discovered that the Dotdeb PHP packages are patched with a mail() protection patch that was originally created by Steve Bennett and is nowadays developed at This patch adds an X-PHP-Script header to outgoing mails that contains the name of the server, the script and the calling IP.

An example of an attack via this issue would be injecting Bcc: headers into emails containing sensitive information, so that the attacker receives a copy. The latest version of the package can be downloaded from their site. Anyone running a version earlier than 5.2.0 Rev 3 is advised to upgrade immediately.
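The following is an added example, not code from the Dotdeb patch or the advisory. It shows how a header assembled from server name, script and calling IP turns into several header lines when one value contains CR/LF, next to a hardened builder. The header layout, function names and sample values are assumptions, and the post does not say which of the three values carried the injection.

```php
<?php
declare(strict_types=1);

// Naive construction: values are concatenated as-is, so a CR/LF inside any
// of them ends the X-PHP-Script line and starts a new header.
function buildScriptHeaderUnsafe(string $server, string $script, string $ip): string
{
    return "X-PHP-Script: {$server}{$script} for {$ip}";
}

// Hardened construction: no control character can reach the header line.
function buildScriptHeader(string $server, string $script, string $ip): string
{
    // Drop ASCII control characters (including CR and LF) and DEL.
    $clean = static fn (string $v): string => preg_replace('/[\x00-\x1F\x7F]/', '', $v) ?? '';
    // A value that is not a valid IPv4/IPv6 literal is discarded whole.
    $ip = filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : 'unknown';
    return 'X-PHP-Script: ' . $clean($server) . $clean($script) . ' for ' . $ip;
}

// Count header lines the way a mail transfer agent would split them.
function headerLineCount(string $header): int
{
    return count(preg_split('/\r\n|\r|\n/', $header));
}

// Constructed sample values; the second address carries an injected Bcc line.
$samples = [
    ['www.example.test', '/contact.php', '192.0.2.10'],
    ['www.example.test', '/contact.php', "192.0.2.10\r\nBcc: observer@example.test"],
];

foreach ($samples as [$server, $script, $ip]) {
    printf(
        "unsafe: %d line(s), hardened: %d line(s) -> %s\n",
        headerLineCount(buildScriptHeaderUnsafe($server, $script, $ip)),
        headerLineCount(buildScriptHeader($server, $script, $ip)),
        buildScriptHeader($server, $script, $ip)
    );
}
```

The same line-count check can be applied to any header string an application builds before it is handed to mail(), rejecting the message when the count is not exactly one.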
