Family: CGI abuses --> Category: infos
PHP Mail Function Header Spoofing Vulnerability Scan
Vulnerability Scan Summary: Checks for version of PHP
Detailed Explanation for this Vulnerability Test
The remote host is running a version of PHP <= 4.2.2.
The mail() function does not properly sanitize user input.
This allows users to forge email so that it appears to
come from a source other than the server.
Users can exploit this even if SAFE_MODE is enabled.
Solution : Contact your vendor for the latest PHP release.
Threat Level: Medium