Alfasado PowerCMS HTTP Header Injection Vulnerability Allowing Email Spoofing

Vulnerability

Alfasado PowerCMS versions through 6.6, 5.27, and 4.58 contain an HTTP header injection vulnerability. It can be exploited to manipulate URLs in emails sent by the application, such as password reset messages.

Impact

Exploiting the HTTP header injection allows manipulation of email content and URLs, potentially enabling phishing or social engineering attacks.

Remediation

Users are advised to update PowerCMS to the latest version. PowerCMS 6.61, 5.28, and 4.59 have addressed this vulnerability.
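
The class of flaw described above, shown as an added illustration that is not PowerCMS code and does not come from the vendor. It assumes the reset link's host is read from a request header (the advisory does not name the header or code path), and every name, host and path in it is hypothetical.

```python
# Added illustration of the flaw class; not PowerCMS code.
# Assumption: the application derives the reset-link host from request headers.
from urllib.parse import quote

# Assumption: the operator sets the public base URL once, server-side.
CANONICAL_BASE = "https://cms.example.com"
ALLOWED_HOSTS = {"cms.example.com"}
HOST_HEADERS = ("Host", "X-Forwarded-Host")

# Constructed sample requests (header dicts with exact-cased names).
SAMPLE_REQUESTS = [
    {"Host": "cms.example.com"},
    {"Host": "cms.example.com", "X-Forwarded-Host": "mail.attacker.invalid"},
]


def reset_link_unsafe(headers, token):
    """Weak pattern: the link host is whatever the request claimed."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset?token={quote(token, safe='')}"


def suspicious_host_headers(headers):
    """Return the host-carrying headers whose value is not allowlisted.

    Exact matching also rejects CR/LF, ports and userinfo in the value.
    """
    return [
        name for name in HOST_HEADERS
        if name in headers and headers[name].lower() not in ALLOWED_HOSTS
    ]


def reset_link_safe(headers, token):
    """Hardened pattern: refuse odd requests, never read the host from them."""
    flagged = suspicious_host_headers(headers)
    if flagged:
        raise ValueError(f"untrusted host header(s): {flagged}; mail not sent")
    return f"{CANONICAL_BASE}/reset?token={quote(token, safe='')}"


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print("unsafe:", reset_link_unsafe(req, "tok123"))
        try:
            print("safe:  ", reset_link_safe(req, "tok123"))
        except ValueError as exc:
            print("safe:   rejected,", exc)
```

Logging the names returned by `suspicious_host_headers` gives a detection signal for requests that try to steer the mailed link.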

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.