RSS   Vulnerabilities for 'Contact form'   RSS

2007-08-30
 
CVE-2007-4612

CWE-20
 

 
CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

 

 >>> Vendor: Dale mooney 3 Products
Contact form
Moon gallery
Calendar events


Copyright 2024, cxsecurity.com

 

Back to Top