Lucene search

[email protected]CVE-2006-7020

HistoryFeb 15, 2007 - 2:28 a.m.

CVE-2006-7020

2007-02-1502:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

crlf injection

phpwcms

security vulnerability

remote attackers

http headers

spam email

7.2 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).

CPENameOperatorVersion
oliver_georgi:phpwcmsoliver georgi phpwcmsle1.1_rc3
oliver_georgi:phpwcmsoliver georgi phpwcmsle1.2.5_dev

CPE	Name	Operator	Version
oliver_georgi:phpwcms	oliver georgi phpwcms	le	1.1_rc3
oliver_georgi:phpwcms	oliver georgi phpwcms	le	1.2.5_dev

References

secunia.com/advisories/19866

www.phpwcms.de/forum/viewtopic.php?t=10958

www.vupen.com/english/advisories/2006/1556

exchange.xforce.ibmcloud.com/vulnerabilities/26130

7.2 High

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:C/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2006-7020

securityvulns1