Description
The PHP mail() function does not properly sanitize user input. As a result, a user can pass ASCII control characters to mail() that alter the headers of the outgoing email, which could result in spoofed mail headers.
Affected PHP versions: up to 4.2.2.
Remediation
Upgrade PHP to the latest version.
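An application-side check that complements the upgrade, shown as an added example that is not part of the original advisory or of PHP itself: it rejects any header-bound value containing ASCII control characters before the value reaches mail(). The function names is_safe_header_value and send_checked_mail and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: refuse ASCII control characters in values bound for mail headers.
// Function names and sample inputs are constructed for illustration.

/**
 * True when $value contains no ASCII control characters (0x00-0x1F, 0x7F).
 * The range covers CR and LF, and also TAB, so folded headers are refused too.
 */
function is_safe_header_value(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

/**
 * Call mail() only when every header-bound field passes the check.
 * Returns false without sending when a field is rejected.
 * The body is not a header, so it is passed through unchanged.
 */
function send_checked_mail(string $to, string $subject, string $body, string $replyTo): bool
{
    $fields = ['to' => $to, 'subject' => $subject, 'reply-to' => $replyTo];
    foreach ($fields as $name => $value) {
        if (!is_safe_header_value($value)) {
            // Log the field name only, never the raw value, to keep logs clean.
            error_log("mail rejected: control character in $name field");
            return false;
        }
    }
    // The reply address must also be a syntactically valid address.
    if (filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        error_log('mail rejected: invalid reply-to address');
        return false;
    }
    return mail($to, $subject, $body, "Reply-To: $replyTo");
}

// Constructed sample inputs exercising the check (no mail is sent here).
$samples = [
    'plain subject' => "Contact form message",
    'embedded CRLF' => "Hello\r\nX-Test: 1",
    'embedded NUL'  => "Hello\0world",
    'embedded DEL'  => "Hello\x7Fworld",
];
foreach ($samples as $label => $value) {
    printf("%-14s %s\n", $label, is_safe_header_value($value) ? 'accepted' : 'rejected');
}
```

Rejecting the input outright, rather than stripping the characters, keeps a log entry for each attempt and avoids sending a silently altered message.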