CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
Max CVSS
5.0
EPSS Score
0.21%
Published
2002-12-31
Updated
2008-09-05
1 vulnerabilities found