[TYPO3-dev] TYPO3 Security Bulletin 20070221-1: Email header injection
Olivier Dobberkau
olivier.dobberkau at dkd.de
Wed Feb 21 22:55:18 CET 2007
in Beitrag mailman.1.1172092028.24995.typo3-dev at lists.netfielders.de schrieb
Tom Walter unter t3 at wnets.de am 21.02.2007 22:07 Uhr:
> Could you explain the risk a bit more specific?
> What consequences could a attack have when you rate it with severity low ?
Hi Tom,
People could tamper with the inputsfields to send spammail thru your server.
Have a look at this:
http://typo3.svn.sourceforge.net/viewvc/typo3/TYPO3core/tags/TYPO3_4-0-5/t3l
ib/class.t3lib_formmail.php?r1=1646&r2=2144
I am not sure if there is going to be a patch for older versions.
Any takers for a backport?
Olivier
More information about the TYPO3-dev
mailing list