Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Cross-Site Request Forgery (3.2.11)

MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)

WordPress Plugin Ginger-EU Cookie Law Multiple Vulnerabilities (4.1.3)

Jenkins Passwords transmitted in plain text (CVE-2020-2251)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities