CVE-2006-7020

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).

Published: Feb 15, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-7020
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:C/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oliver_georgi / phpwcms	-	1.1_rc3.x
oliver_georgi / phpwcms	-	1.2.5_dev.x

http://secunia.com/advisories/19866
http://www.phpwcms.de/forum/viewtopic.php?t=10958
http://www.vupen.com/english/advisories/2006/1556
https://exchange.xforce.ibmcloud.com/vulnerabilities/26130

Vulnerability Database

290,301

CVE-2006-7020