Description

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Remediation

References

CVE-2002-0986

Related Vulnerabilities

WordPress Plugin Post Grid, List for WordPress-Content Views Cross-Site Scripting (1.6.1)

Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17569)

WordPress Plugin Essential Content Types Security Bypass (1.4)

WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)

WordPress Plugin Postmatic-Post and comment subscriptions that invite you to hit reply Cross-Site Scripting (1.4.5)

Severity

Medium

Classification

CVE-2002-0986

Tags

Missing Update Known Vulnerabilities