The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T03:12:16.696Z

Reserved: 2002-08-23T00:00:00

Link: CVE-2002-0986

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-09-24T04:00:00.000

Modified: 2024-11-20T23:40:19.903

Link: CVE-2002-0986

cve-icon Redhat

Severity : Moderate

Publid Date: 2002-08-23T00:00:00Z

Links: CVE-2002-0986 - Bugzilla