Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

Oracle JRE CVE-2022-21426 Vulnerability (CVE-2022-21426)

Ruby Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-25613)

Perl Improper Certificate Validation Vulnerability (CVE-2023-31484)

Resin Application Server Other Vulnerability (CVE-2012-2966)

WordPress Plugin EWWW Image Optimizer Cross-Site Request Forgery (5.8.1)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities