Description

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

Remediation

References

CVE-2006-1225

Related Vulnerabilities

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (2.0.9)

XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)

MySQL CVE-2024-21204 Vulnerability (CVE-2024-21204)

Oracle Database Server CVE-2015-2585 Vulnerability (CVE-2015-2585)

Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6592)

Severity

Medium

Classification

CVE-2006-1225

Tags

Missing Update Known Vulnerabilities