VULHUB ™

Throughout PHP-Nuke, the PHP mail() function is implemented to handle email through web-based intefaces for various purposes (for features such as "feedback", "send this to a friend", etc). There is no input validation performed on user data passed to this function. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages.

Throughout PHP-Nuke, the PHP mail() function is implemented to handle email through web-based intefaces for various purposes (for features such as "feedback", "send this to a friend", etc). There is no input validation performed on user data passed to this function. As a result, malicious users may embed CR/LF sequences to inject additional headers into outgoing messages.