Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.5.2)

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)

IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2018-1814)

PHP Other Vulnerability (CVE-2000-0967)

WordPress Plugin Realtyna Organic IDX + WPL Real Estate Arbitrary File Upload (4.14.13)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities