Description
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH WooCommerce Brands Add-On Security Bypass (1.3.6)
WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (1.7.4)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)
WordPress Plugin Events Manager Extended Multiple HTML Injection Vulnerabilities (3.1.2)