PHP < 4.2.3 Mail Function Header Spoofing

Medium

Synopsis

The remote web server is running a version of PHP which is 4.2.2 or older.

Description

The remote web server is running a version of PHP which is 4.2.2 or older. This version has a bug in its mail() function, which does not properly sanitize user input. As a result, users can forge email to make it look like it is coming from a different source than the server.

Solution

Upgrade to PHP 4.2.3 or higher.