Drupal Core is prone to a mail header injection vulnerability. Exploiting this issue could allow an attacker to use a vulnerable Drupal site to send unwanted emails. Drupal Core versions 4.5.x ranging from 4.5.0 and up to and including 4.5.7 are vulnerable.

Update to Drupal Core version 4.5.8 or latest

• https://www.drupal.org/node/53806