Description

This alert was generated using only banner information. It may be a false positive.

The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.

Affected PHP versions (up to 4.2.2).

Remediation

Upgrade PHP to the latest version.

References

BID 5562

PHP homepage

Related Vulnerabilities

EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)

WordPress Plugin Variation Swatches for WooCommerce Cross-Site Scripting (1.0.61)

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)

MySQL CVE-2019-2688 Vulnerability (CVE-2019-2688)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13596)

Severity

Medium

Classification

CVE-2002-0986 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Missing Update