PHP < 4.2.3 Mail Function Header Spoofing
Medium Log Correlation Engine Plugin ID 801069
DescriptionThe remote web server is running a version of PHP which is 4.2.2 or older. This version has a bug in its mail() function which does not properly sanitize user input. As a result, users can forge email to make it look like it is coming from a different source that the server.
SolutionUpgrade to PHP 4.2.3 or higher.