VULHUB ™

A vulnerability has been reported for Alexandria that may allow remote attackers to use the Alexandria system for proxying of unsolicited e-mail. The vulnerability exists in the 'sendmessage.php' script file. There is no input validation performed on user-supplied data passed to functions in the 'sendmessage.php' script file. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages. Attackers may exploit this weakness to manipulate the structure of outgoing messages to send unsolicited e-mail to unsuspecting users.

A vulnerability has been reported for Alexandria that may allow remote attackers to use the Alexandria system for proxying of unsolicited e-mail. The vulnerability exists in the 'sendmessage.php' script file. There is no input validation performed on user-supplied data passed to functions in the 'sendmessage.php' script file. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages. Attackers may exploit this weakness to manipulate the structure of outgoing messages to send unsolicited e-mail to unsuspecting users.