PT-2007-1299 · Phpcms · Phpcms

Bugreporter · Published 2007-02-15 · Updated 2017-07-29 · CVE-2006-7020

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

phpwcms versions 1.1 through 1.1 RC4
phpwcms versions 1.2.5-DEV and earlier

Description

The issue allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER). This is due to a CRLF injection vulnerability in files such as include/inc_act/act_formmailer.php and possibly sample_ext_php/mail_file_form.php.

Recommendations

For phpwcms versions 1.1 through 1.1 RC4, update to a version later than RC4 to resolve the issue. For phpwcms versions 1.2.5-DEV and earlier, update to a version later than 1.2.5-DEV to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable files act_formmailer.php and mail_file_form.php to minimize the risk of exploitation.
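
The check that closes this class of bug, shown as an added PHP example (it is not phpwcms code and not part of the original advisory): a request-derived value such as the Referer is accepted into a header only if it fits on one line. The function names, the X-Form-Referer header and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration, not phpwcms code; all function names are hypothetical.

/** True when $value can occupy exactly one header line. */
function is_single_header_line(string $value): bool
{
    // Check the raw value and its percent-decoded form, so an encoded
    // %0d%0a that a later layer decodes is caught as well.
    foreach ([$value, rawurldecode($value)] as $candidate) {
        if (preg_match('/[\x00-\x1F\x7F]/', $candidate) === 1) {
            return false; // CR, LF, NUL or another control character
        }
    }
    return strlen($value) <= 2048;
}

/** Build mail headers, dropping a Referer that fails validation. */
function build_mail_headers(string $from, ?string $referer): array
{
    if (!is_single_header_line($from)
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    $headers = ['From' => $from];
    if ($referer !== null && is_single_header_line($referer)
        && filter_var($referer, FILTER_VALIDATE_URL) !== false) {
        $headers['X-Form-Referer'] = $referer; // hypothetical header name
    }
    return $headers;
}

// Constructed sample inputs: one ordinary Referer, then the same value
// carrying an extra header line after a raw and an encoded CRLF.
$samples = [
    'http://site.example/contact.php',
    "http://site.example/\r\nX-Injected: 1",
    'http://site.example/%0d%0aX-Injected:%201',
];
foreach ($samples as $referer) {
    $headers = build_mail_headers('webform@site.example', $referer);
    printf("%-50s => %s\n", json_encode($referer),
        isset($headers['X-Form-Referer']) ? 'kept' : 'dropped');
}
```

Only the first sample is kept; the other two are dropped before any header is assembled.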


Related identifiers

CVE-2006-7020

Affected products

Phpcms