Security Advisory

CVE-2006-7020

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2007-02-15 02:00:00

Last updated 2024-08-07 20:50:05

Assigner mitre

State PUBLISHED

Description

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).

← Browse all CVEs View on cve.org ↗