Update for Typo3 intended to prevent spam
A flaw in the form engine of the popular content management system Typo3 allows arbitrary headers to be inserted in e-mails according to the developers, who have not provided any details. Attackers could exploit this hole to send spam, for example. Versions up to 4.0.4 as well as 4.1beta and 4.1RC1 are affected. This flaw has been remedied in version 4.0.5. Users should switch to this version as quickly as possible.
- TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection, security advisory at Typo3.org
(ehe)