Lucene search
HistoryFeb 15, 2006 - 11:06 a.m.
CVE-2006-0712
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.019
Percentile
88.7%
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.
Affected configurations
Node
squishdotsquishdotMatch0.7.2
ORsquishdotsquishdotMatch1.0.0
ORsquishdotsquishdotMatch1.1.0
ORsquishdotsquishdotMatch1.2.1
ORsquishdotsquishdotMatch1.4.0
ORsquishdotsquishdotMatch1.4.1
ORsquishdotsquishdotMatch1.5.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| squishdot | squishdot | 0.7.2 | cpe:2.3:a:squishdot:squishdot:0.7.2:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.0.0 | cpe:2.3:a:squishdot:squishdot:1.0.0:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.1.0 | cpe:2.3:a:squishdot:squishdot:1.1.0:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.2.1 | cpe:2.3:a:squishdot:squishdot:1.2.1:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.4.0 | cpe:2.3:a:squishdot:squishdot:1.4.0:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.4.1 | cpe:2.3:a:squishdot:squishdot:1.4.1:*:*:*:*:*:*:* |
| squishdot | squishdot | 1.5.0 | cpe:2.3:a:squishdot:squishdot:1.5.0:*:*:*:*:*:*:* |
Related
prion
prion
Crlf injection
2006-02-15 11:06:00
cvelist
cvelist
CVE-2006-0712
2006-02-15 11:00:00
cve
cve
CVE-2006-0712
2006-02-15 11:06:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.019
Percentile
88.7%
Related for NVD:CVE-2006-0712