Description

The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

Remediation

References

CVE-2007-1081

Related Vulnerabilities

b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945)

WordPress Plugin Content Audit Blind SQL Injection (1.6)

Internet Information Services Other Vulnerability (CVE-2000-0167)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2007-6422)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.9.63)

Severity

High

Classification

CVE-2007-1081

Tags

Missing Update Known Vulnerabilities