PT-2006-1765 · Squishdot · Squishdot

Published: 2006-02-15 · Updated: 2017-07-20 · CVE-2006-0712

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Squishdot versions 1.5.0 and earlier

Description

The mail html template does not properly validate the email and title variables. This allows remote attackers to bypass spam filters by injecting SMTP headers, likely due to a CRLF injection vulnerability.

Recommendations

For Squishdot versions 1.5.0 and earlier, as a temporary workaround, consider validating the email and title variables to prevent CRLF injection. Restrict access to the mail html template to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
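
One way to apply the validation workaround, as an added example in Python (the language Squishdot is written in); it is not Squishdot's own code. The function names, the recipient address and the address pattern are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Reject (never strip) any control character: CR and LF end a header line,
# so a value containing them can start a new, attacker-chosen header.
_CTL = re.compile(r"[\x00-\x1f\x7f]")
# Deliberately strict address pattern (assumption; adjust to local policy).
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class HeaderInjectionError(ValueError):
    """Raised when a form value is unsafe to place in a mail header."""


def clean_header_value(name, value, max_len=200):
    """Return value stripped of outer spaces, or raise if it is unsafe."""
    if not isinstance(value, str) or len(value) > max_len:
        raise HeaderInjectionError(f"{name}: wrong type or too long")
    if _CTL.search(value):
        raise HeaderInjectionError(f"{name}: control character in value")
    return value.strip()


def clean_email(value):
    """Validate the 'email' variable as a single bare address."""
    value = clean_header_value("email", value, max_len=254)
    if not _ADDR.fullmatch(value):
        raise HeaderInjectionError("email: not a single plain address")
    return value


def build_notification(email, title, body, recipient="moderator@example.org"):
    """Build the notification mail only from validated header values."""
    msg = EmailMessage()
    msg["From"] = clean_email(email)
    msg["To"] = recipient  # hypothetical fixed recipient
    msg["Subject"] = clean_header_value("title", title)
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # Constructed inputs: one ordinary posting, one with CRLF in the title.
    print(build_notification("alice@example.org", "New posting", "text"))
    try:
        build_notification("alice@example.org", "Hi\r\nBcc: x@example.net", "t")
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

Values are rejected rather than sanitized so that a blocked submission is visible in logs instead of being silently rewritten.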

Related Identifiers

CVE-2006-0712

Affected Products

Squishdot