Описание
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.1_rc3 (включая)Версия до 1.2.5_dev (включая)
Одно из
cpe:2.3:a:oliver_georgi:phpwcms:*:*:*:*:*:*:*:*
cpe:2.3:a:oliver_georgi:phpwcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00388
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
EPSS
Процентиль: 59%
0.00388
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other