• This alert was generated using only banner information. It may be a false positive.
  
  The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.
  
  Affected PHP versions (up to 4.2.2).
  

• Upgrade PHP to the latest version.

• • BID 5562
  • PHP homepage

• 

• CVE-2002-0986

• CWE-20

• Abuse Of Functionality Missing Update

• WordPress Plugin JC Coupon Cross-Site Scripting (2.5)
• WordPress Plugin Google Pagespeed Insights Cross-Site Scripting (3.0.0)
• WordPress Plugin Visual Form Builder Multiple Cross-Site Scripting Vulnerabilities (2.8.6)
• WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1)
• WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)