Vulnerabilities > CVE-2006-7020 - Unspecified vulnerability in Oliver Georgi PHPwcms
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://secunia.com/advisories/19866
- http://www.phpwcms.de/forum/viewtopic.php?t=10958
- http://www.vupen.com/english/advisories/2006/1556
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26130
- http://secunia.com/advisories/19866
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26130
- http://www.vupen.com/english/advisories/2006/1556
- http://www.phpwcms.de/forum/viewtopic.php?t=10958