Lucene search
MitreCVE-2006-7020HistoryFeb 15, 2007 - 2:28 a.m.
CVE-2006-7020
2007-02-1502:28:00
mitre
web.nvd.nist.gov
24
crlf injection
phpwcms
security vulnerability
remote attackers
http headers
spam email
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:C/A:N
AI Score
6.9
Confidence
Low
EPSS
0.008
Percentile
81.5%
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
Affected configurations
Node
oliver_georgiphpwcmsRange≤1.1_rc3
ORoliver_georgiphpwcmsRange≤1.2.5_dev
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oliver_georgi | phpwcms | * | cpe:2.3:a:oliver_georgi:phpwcms:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2006-7020
2007-02-15 02:00:00
nvd
nvd
CVE-2006-7020
2007-02-15 02:28:00
securityvulns
securityvulns
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:C/A:N
AI Score
6.9
Confidence
Low
EPSS
0.008
Percentile
81.5%
Related for CVE-2006-7020