History: Aug 31, 2007 - 12:17 a.m.

CVE-2007-4612

2007-08-31 00:17:00
CWE-20
web.nvd.nist.gov
cve-2007-4612
crlf injection
contact.php
moonware
dale mooney gallery
remote attackers
mail headers
spam

CVSS2: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.005 Low (Percentile: 77.5%)

CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

Affected configurations

NVD
Node: dale_mooney contact_form
