CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.

Date published : 2014-12-02

http://packetstormsecurity.com/files/129042/Anchor-CMS-0.9.2-Header-Injection.html