Description

The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

Remediation

References

CVE-2007-1081

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Brands Add-On Security Bypass (1.3.6)

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.7.4)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)

Django Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-23336)

WordPress Plugin Events Manager Extended Multiple HTML Injection Vulnerabilities (3.1.2)

Severity

High

Classification

CVE-2007-1081

Tags

Missing Update Known Vulnerabilities