CVE-2007-4612

2007-08-3100:00:00

mitre

www.cve.org

AI Score

Confidence

Low

EPSS

0.005

Percentile

77.5%

JSON

CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

References

securityreason.com/securityalert/3079

www.securityfocus.com/archive/1/477851/100/0/threaded

www.securityfocus.com/bid/25457

exchange.xforce.ibmcloud.com/vulnerabilities/36290