CVE-2004-0259

The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0259
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
joe_lumbroso_acks / formmail.php	5.0	5.0.x
joe_lumbroso_acks / formmail.php	2.0	2.0.x

http://marc.info/?l=bugtraq&m=107619109629629&w=2
http://www.securityfocus.com/bid/9591
https://exchange.xforce.ibmcloud.com/vulnerabilities/15079

Vulnerability Database

290,018

CVE-2004-0259