CVE-2007-4612

CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

Published: Aug 31, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4612
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
dale_mooney / contact_form	-	-

http://securityreason.com/securityalert/3079
http://www.securityfocus.com/archive/1/477851/100/0/threaded
http://www.securityfocus.com/bid/25457
https://exchange.xforce.ibmcloud.com/vulnerabilities/36290

Vulnerability Database

289,697

CVE-2007-4612