Description

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

Remediation

References

CVE-2006-1225

Related Vulnerabilities

WordPress Plugin WP-Cal 'id' Parameter SQL Injection (0.3)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5340)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Directory Traversal (1.3.33)

WordPress Plugin WordPress Automatic SQL Injection (3.92.0)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)

Severity

Medium

Classification

CVE-2006-1225

Tags

Missing Update Known Vulnerabilities