无标签可用.

TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection

2007年02月21日 10:05 存在: 18 yrs
作者: TYPO3中国

Component Type: TYPO3 Core

Affected Versions: Below 4.0.5, 4.1beta, 4.1RC1

Vulnerability Type: Email header injection

Severity: low

 

Problem Description:

The internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.

Solution:

Update to TYPO3 version 4.0.5 or later.

Credits:

Credits go to Olivier Dobberkau, Andreas Otto, and Thorsten Kahler, who discovered and supplied a patch for this issue.

 


  打印版本  联系我们  到顶部   
最后更新日期 date