Описание
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:geeklog:geeklog:1.3.5_sr1:*:*:*:*:*:*:*
cpe:2.3:a:geeklog:geeklog:1.35:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
EPSS
Процентиль: 60%
0.00391
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other