CVE-2016-4803

Published: Jun 30, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Affected (1)

Products: Dotcms: Dotcms

Dotcms

1 product

Dotcms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dotcms Dotcms	Up to 3.3.1

References (8)

http://seclists.org/fulldisclosure/2016/May/69

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/91529

Source: cve@mitre.org

https://dotcms.com/docs/latest/change-log#release-3.3.2

Source: cve@mitre.org

Vendor Advisory

https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2016/May/69

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/91529

Source: af854a3a-2127-422b-91ae-364da2661108

https://dotcms.com/docs/latest/change-log#release-3.3.2

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.elarlang.eu/cve-2016-4803-dotcms-email-header-injection-vulnerability-full-disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.