Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7886)

WordPress Plugin Dokan-Best WooCommerce Multivendor Marketplace Solution-Build Your Own Amazon, eBay, Etsy Security Bypass (2.9.4)

Drupal Improper Authentication Vulnerability (CVE-2010-3686)

WordPress Plugin Thrive Ultimatum Security Bypass (2.3.9.3)

WordPress Plugin Qualified Electronic Signatures by eID Easy Supply Chain Attack [Polyfill.io] (3.3.0)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities