Vulnerabilities > CVE-2006-7020 - Remote Security vulnerability in Phpwcms

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

COMPLETE

Availability impact

NONE

network

low complexity

oliver-georgi

NVD

Published: 2007-02-15

Updated: 2017-07-29

Summary

CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).

Vulnerable Configurations

Part	Description	Count
Application	Oliver_Georgi Oliver Georgi Phpwcms *	1

References

http://secunia.com/advisories/19866
http://www.phpwcms.de/forum/viewtopic.php?t=10958
http://www.vupen.com/english/advisories/2006/1556
https://exchange.xforce.ibmcloud.com/vulnerabilities/26130