Arbitrary Email Header Injection Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x

Arbitrary Email Header Injection Vulnerability in Request Tracker (RT) 3.8.x and 4.0.x

CVE-2012-4730 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.

Learn more about our Phishing Simulation.