PT-2002-2638 · Geeklog · Geeklog

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1917

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Geeklog versions 1.3.5 through 1.3.5sr1

Description

A CRLF injection issue in the "User Profile: Send Email" feature allows remote attackers to obtain email addresses by injecting a CRLF into the Subject field and adding a BCC mail header.

Recommendations

For Geeklog versions 1.3.5 through 1.3.5sr1, consider disabling the "User Profile: Send Email" feature until a patch is available to prevent exploitation. Restrict access to the email functionality to minimize the risk of attackers obtaining email addresses.
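A server-side check for the condition described above, as an added example (not Geeklog's code or its fix), written in PHP because Geeklog is a PHP application: it refuses a user-supplied Subject that contains CR, LF or any other control character before the value reaches `mail()`. The function names, the length limit, the sender address and the sample strings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not Geeklog code): accept a user-supplied value for a
// single mail header only if it cannot terminate the header line.
function safe_header_value(string $value, int $maxLen = 200): string
{
    // CR, LF, NUL and the other C0 controls have no place in a Subject line.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException('control character in header value');
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException('header value empty or too long');
    }
    return $value;
}

// Hypothetical wrapper for a "send email to user" form handler.
function send_profile_email(string $to, string $subject, string $body): bool
{
    $subject = safe_header_value($subject);
    // Additional headers are fixed by the application, never built from input.
    // Passing headers as an array requires PHP 7.2 or later.
    $headers = ['From' => 'noreply@example.invalid'];
    return mail($to, $subject, $body, $headers);
}

// Constructed sample inputs: one ordinary subject, two carrying a line break.
$samples = [
    'Hello from the site',
    "Hello\r\nBcc: someone@example.invalid",
    "Hello\nX-Other: 1",
];

foreach ($samples as $s) {
    try {
        safe_header_value($s);
        echo 'accepted: ', json_encode($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($s), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The demo loop only exercises the validator; `send_profile_email()` is never called, so no mail is sent when the script runs.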

Fix


Related Identifiers

CVE-2002-1917

Affected Products

Geeklog