2 matches found
CVE-2006-7020
The CVE-2006-7020 entry affects phpwcms up to 1.2.5-DEV and 1.1 before RC4, where a CRLF injection in include/inc_act/act_formmailer.php and possibly sample_ext_php/mail_file_form.php enables remote header manipulation and spoofed HTTP_REFERER to send spam via HTTP headers. Root cause: CRLF injec...
CVE-2006-7018
Affected software : phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4. Vulnerability : remote code execution via a crafted argument to the nome_evento parameter in phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, processed by the render_PHPcode function. Impact ...