TYPO3-20070221-1: Email header injection

Categories: TYPO3 CMS
A problem has been discovered where the internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for.

Component Type: TYPO3 Core

Affected Versions: TYPO3 4.x below 4.0.5, 4.1beta, 4.1RC1, TYPO3 Versions 3.x

Vulnerability Type: Email header injection

Severity: low

Problem Description:
The internal form engine can be used for sending arbitrary mail headers, using it for purposes which it is not meant for. 

Solution:
Update to TYPO3 version 4.0.5 or later.

Credits:
Credits go to Olivier Dobberkau, Andreas Otto, and Thorsten Kahler, who discovered and supplied a patch for this issue.