CVE-2016-4803 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-4803

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Affected Software

Name	Vendor	Start Version	End Version
Dotcms	Dotcms	*	3.3.1 (including)

References

http://seclists.org/fulldisclosure/2016/May/69
http://www.securityfocus.com/bid/91529
https://dotcms.com/docs/latest/change-log#release-3.3.2
https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html
http://seclists.org/fulldisclosure/2016/May/69
http://www.securityfocus.com/bid/91529
https://dotcms.com/docs/latest/change-log#release-3.3.2
https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html