PHP < 4.2.3 Mail Function Header Spoofing
Medium Nessus Network Monitor Plugin ID 1481
Synopsis
The remote web server is running PHP version 4.2.2 or older.

Description
The remote web server is running PHP version 4.2.2 or older. The mail() function in this version has a bug: it does not properly sanitize user input. As a result, users can forge email to make it look like it is coming from a different source than the server.

Solution
Upgrade to PHP 4.2.3 or higher.