• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Drupal Form_mail Module Multiple CRLF Injection Vulnerabilities

The Form_mail module for Drupal is prone to multiple CRLF-injection vulnerabilities.

Attackers may exploit these vulnerabilities to modify email headers and manipulate the structure of outgoing messages. For example, attackers may be able to set the recipient to an arbitrary value.

Revisions prior to 1.8.2.2 are vulnerable; other versions may also be affected.

These issues are related to one of the issues reported in BID 17104.