CVE-2006-1225

Published: Mar 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060314 [DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue

mailing-list

x_refsource_BUGTRAQ

http://drupal.org/node/53806

x_refsource_CONFIRM

drupal-header-data-manipulation(25206)

vdb-entry

x_refsource_XF

DSA-1007

vendor-advisory

x_refsource_DEBIAN

23912

vdb-entry

x_refsource_OSVDB

17104

vdb-entry

x_refsource_BID

19245

third-party-advisory

x_refsource_SECUNIA

19257

third-party-advisory

x_refsource_SECUNIA

579

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2006-1225

Description

Affected Products

References