PT-2004-1413 · Nms · Formmail.Php
Nourredine Himeur · Published 2004-03-18 · Updated 2017-07-11 · CVE-2004-0259
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Formmail.php versions 5.0 and earlier
Description
The issue allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer. This can be demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue, potentially leveraging the check_referer() function.
Recommendations
For Formmail.php versions 5.0 and earlier, consider disabling the check_referer() function until a patch is available to prevent bypassing access restrictions.
Fix
Related Identifiers
Affected Products
Formmail.Php