CVE-2007-4612

Dale Mooney Gallery - CRLF Injection via Contact Form Subject Parameter

Title source: llm
STIX 2.1

Description

CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3079
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25457
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36290
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/477851/100/0/threaded

Scores

EPSS 0.0107
EPSS Percentile 61.0%

Details

CWE
CWE-20
Status published
Products (1)
dale_mooney/contact_form
Published Aug 31, 2007
Tracked Since Feb 18, 2026