Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

WordPress Plugin Share Woocommerce to Email Cross-Site Scripting (1.0.1)

Microsoft SQL Server Other Vulnerability (CVE-2002-0056)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8149)

Oracle Application Server Credentials Management Errors Vulnerability (CVE-2004-1366)

WordPress Plugin WordPress Slider Block Gutenslider Cross-Site Scripting (5.1.5)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities