Description
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-20070221-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32630
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24207
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0697
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/33471
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/22668
Scores
EPSS
0.0070
EPSS Percentile
72.2%
Details
Status
published
Products (2)
typo3/typo3
< 4.0.4
typo3/typo3
< 4.1 (2 CPE variants)
Published
Feb 22, 2007
Tracked Since
Feb 18, 2026