cbcvebase.

Matt Wright Formmail vulnerabilities

6 known vulnerabilities affecting matt_wright/formmail.

Total CVEs
6
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2009-1777P4MEDIUMCVSS 5.0PoCv1.922009-05-22
CVE-2009-1777 [MEDIUM] CWE-20 CVE-2009-1777: CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allo CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter.
nvd
CVE-2000-0411P4MEDIUMCVSS 5.0PoCv1.62000-05-10
CVE-2000-0411 [MEDIUM] CVE-2000-0411: Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
nvd
CVE-2009-1776P4MEDIUMCVSS 4.3PoC≤ 1.922009-05-22
CVE-2009-1776 [MEDIUM] CWE-79 CVE-2009-1776: Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.
nvd
CVE-2002-2109P4HIGHCVSS 7.5v1.0v1.1+8 more2002-12-31
CVE-2002-2109 [HIGH] CVE-2002-2109: Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and co Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
nvd
CVE-2001-0357P4HIGHCVSS 7.5≤ 1.62001-08-22
CVE-2001-0357 [HIGH] CVE-2001-0357: FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by m FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
nvd
CVE-2002-1771P4MEDIUMCVSS 5.0v1.0v1.1+8 more2002-12-31
CVE-2002-1771 [MEDIUM] CVE-2002-1771: Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by inj Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.
nvd
Matt Wright Formmail vulnerabilities | cvebase