CVE-2002-1575 Information

Description

cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (0a) characters in parameters such as \required-subject\ which can be used to modify the CC BCC and other header fields in the generated email message.

Reference

http://marc.info/?l=bugtraq&m=102406554627053&w=2 http://marc.info/?l=bugtraq&m=106520691705768&w=2 http://www.debian.org/security/2004/dsa-437 http://www.securityfocus.com/bid/5013 https://exchange.xforce.ibmcloud.com/vulnerabilities/9361