Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4612


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-4612
Last Modified 05 Sep 2008 05:28:40
Published 30 Aug 2007 08:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.

Vulnerable Systems


  • Dale Mooney Contact Form


XF - mwcontactform-contact-crlf-injection(36290)

BID - 25457

BUGTRAQ - 20070826 Moonware Software Multiple Vulnerabilities

SREASON - 3079

Last Updated: 27 May 2016 10:45:54