Sign in Get started

← All advisories

Unrated severityNVD Advisory· Published Dec 2, 2014· Updated May 6, 2026

CVE-2014-9182

CVE-2014-9182

Description

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.

Affected products

2

Anchorcms/Anchor CMS2 versions
cpe:2.3:a:anchorcms:anchor_cms:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:anchorcms:anchor_cms:*:*:*:*:*:*:*:*range: <=0.9.2
- cpe:2.3:a:anchorcms:anchor_cms:0.9.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.htmlnvdExploit

News mentions

0

No linked articles in our index yet.