mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-02-15T11:00:00
Updated: 2024-08-07T16:48:55.223Z
Reserved: 2006-02-15T00:00:00
Link: CVE-2006-0712
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-02-15T11:06:00.000
Modified: 2024-11-21T00:07:09.800
Link: CVE-2006-0712
Redhat
No data.