Description
This alert was generated using only banner information. It may be a false positive.
The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.
Affected PHP versions (up to 4.2.2).
Remediation
Upgrade PHP to the latest version.
References
Related Vulnerabilities
WordPress Plugin Travelpayouts:All Travel Brands in One Place Cross-Site Scripting (0.7.12)
WordPress Plugin AdRotate-Ad manager & AdSense Ads 'track' Parameter SQL Injection (3.6.5)
WebLogic Incorrect Authorization Vulnerability (CVE-2018-1258)
WordPress Plugin RSS for Yandex Turbo Cross-Site Scripting (1.29)