PHP Mail Function Header Spoofing

medium Nessus Plugin ID 11444

Synopsis

A remote web application can be used to forge data.

Description

The remote host is running PHP version 4.2.2 or earlier.

The mail() function does not properly sanitize user input. This allows users to forge email so that it appears to come from a source other than the server.

Users can exploit this even if SAFE_MODE is enabled.

Solution

Contact your vendor for the latest PHP release.

Plugin Details

Severity: Medium

ID: 11444

File Name: php_mail_func_header_spoof.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 3/23/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:php:php

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/30/2003

Reference Information

CVE: CVE-2002-0985, CVE-2002-0986

BID: 5562