Email Header Injection Vulnerability in Request Tracker by Best Practical
CVE-2012-4730

Currently unrated

Key Information:

Vendor: Bestpractical
Status: Rt
Vendor: CVE Published:; 11 November 2012

🔔 Create Bestpractical Vulnerability Alert

What is CVE-2012-4730?

Request Tracker prior to version 3.8.15 in the 3.8.x series and prior to 4.0.8 in the 4.0.x series allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers. This vulnerability can be exploited to conduct phishing attacks or to extract sensitive information through unknown vectors, posing a significant risk to users' data and privacy.

References

http://lists.bestpractical.com/pipermail/rt-announce/2012...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 11, 2012

CVE-2012-4730 Data

JSON