Drupal form_mail Module Arbitrary Mail Header Injection

2006-07-04T04:49:09
ID OSVDB:27011
Type osvdb
Reporter OSVDB
Modified 2006-07-04T04:49:09

Description

Solution Description

Upgrade to version 4.6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific News/Changelog Entry: http://drupal.org/node/72177
Secunia Advisory ID: 20920
Keyword: DRUPAL-SA-2006-009
FrSIRT Advisory: ADV-2006-2670
CVE-2006-3473