In association with heise online

05 July 2006, 16:10

Drupal module open to spammers

An update for the optional Form_Mail module in the Drupal CMS is intended to prevent attackers from using the system as a platform for spam. According to the developers, the module does not filter out line feeds and carriage returns from email headers, so it may even be possible to manipulate the headers of outgoing emails. The flaw has been remedied in version 4.6.0. According to the security announcement, the problem does not affect Drupal core. In earlier versions, however, the email header could also be manipulated by means of holes in the core.
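The missing check described above, sketched as an added example in PHP; it is not Form_Mail's or Drupal's code. The function names and the sample form values are hypothetical and constructed for illustration.

```php
<?php
// Added example: reject CR/LF in user-supplied values before they reach
// an email header. Function names are hypothetical, not Drupal APIs.

/** Return the value unchanged, or throw if it could start a new header line. */
function safe_header_value(string $value): string
{
    // CR, LF or NUL inside a header value lets the submitter end the
    // current header and begin another one.
    if (preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException('line break in header value');
    }
    return trim($value);
}

/** Build From/Reply-To headers from the fields of a contact form. */
function build_headers(string $fromName, string $fromAddr): array
{
    $fromAddr = safe_header_value($fromAddr);
    if (filter_var($fromAddr, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    // Escape quotes and backslashes so the display name stays one quoted string.
    $fromName = addcslashes(safe_header_value($fromName), "\"\\");
    return [
        'From'     => sprintf('"%s" <%s>', $fromName, $fromAddr),
        'Reply-To' => $fromAddr,
    ];
}

// Constructed form submissions: one clean, two carrying an embedded line break.
$samples = [
    ['Alice', 'alice@example.com'],
    ['Alice', "alice@example.com\r\nX-Injected: 1"],
    ["Alice\nX-Injected: 1", 'alice@example.com'],
];

foreach ($samples as [$name, $addr]) {
    try {
        $headers = build_headers($name, $addr);
        echo 'accepted: ', $headers['From'], "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The check rejects the submission rather than stripping the line breaks, so a manipulated form post is dropped instead of being sent in altered form.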
