CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote malicious users to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
geeklog geeklog 1.35 |
||
geeklog geeklog 1.3.5_sr1 |