Geeklog Email Composition CRLF Injection Vulnerability

Geeklog Email Composition CRLF Injection Vulnerability

A vulnerability has been reported for Geeklog that may allow an attacker to include extra email headers when composing email to other Geeklog users.

Geeklog prevents the disclosure of a user's real email address for privacy reasons. However an attacker is able to obtain a user's real email address by including extra headers when composing an email using Geeklog's 'Send Email' facility.