The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T03:12:16.696Z
Reserved: 2002-08-23T00:00:00
Link: CVE-2002-0986
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-09-24T04:00:00.000
Modified: 2024-11-20T23:40:19.903
Link: CVE-2002-0986
Redhat