Описание
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mit:cgiemail:1.6:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00524
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 21 года назад
cgiemail allows remote attackers to use cgiemail as a spam proxy via C ...
github
больше 3 лет назад
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
EPSS
Процентиль: 66%
0.00524
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other