Description

The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

Remediation

References

CVE-2007-1081

Related Vulnerabilities

WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7848)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42112)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8563)

Severity

High

Classification

CVE-2007-1081

Tags

Missing Update Known Vulnerabilities