PT-2007-4047 · Jetbox · Jetbox Cms
Publicado
2007-05-16
·
Atualizado
2018-10-16
·
CVE-2007-2731
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:H/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Jetbox CMS version 2.1
Description
A CRLF injection issue exists, potentially allowing remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the
subject parameter.Recommendations
For Jetbox CMS version 2.1, consider restricting the use of the
subject parameter in the formmail.php file until a patch is available. Avoid using LF (%0A) sequences in the subject parameter to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Jetbox Cms