PT-2004-1413 · Nms · Formmail.Php

Nourredine Himeur · Published 2004-03-18 · Updated 2017-07-11 · CVE-2004-0259

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Formmail.php versions 5.0 and earlier

Description

The issue allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer. This can be demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue, potentially leveraging the check_referer() function.

Recommendations

For Formmail.php versions 5.0 and earlier, consider disabling the check_referer() function until a patch is available to prevent bypassing access restrictions.

Fix


Related identifiers

CVE-2004-0259

Affected products

Formmail.Php