Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

Apache mod_rewrite off-by-one buffer overflow vulnerability

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20)

WordPress Plugin WooCommerce Social Login Privilege Escalation (2.7.3)

MySQL CVE-2021-2278 Vulnerability (CVE-2021-2278)

Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities