formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mac_os_x | Apple | * | * |
| Hp-ux | Hp | * | * |
| Tru64 | Hp | * | * |
| Linux_kernel | Linux | * | * |
| Windows_2000 | Microsoft | * | * |
| Windows_2003_server | Microsoft | * | * |
| Windows_95 | Microsoft | * | * |
| Windows_98 | Microsoft | * | * |
| Windows_98se | Microsoft | * | * |
| Windows_me | Microsoft | * | * |
| Windows_nt | Microsoft | 4.0 (including) | 4.0 (including) |
| Windows_xp | Microsoft | * | * |
| Sco_unix | Santa_cruz_operation | * | * |
| Solaris | Sun | * | * |
| Bsdos | Windriver | * | * |
References
- http://securityreason.com/securityalert/2710
- http://www.netvigilance.com/advisory0026
- http://www.osvdb.org/34088
- http://www.securityfocus.com/archive/1/468644/100/0/threaded
- http://www.securityfocus.com/bid/23989
- http://www.securitytracker.com/id?1018063
- http://www.vupen.com/english/advisories/2007/1831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34292
- http://securityreason.com/securityalert/2710
- http://www.netvigilance.com/advisory0026
- http://www.osvdb.org/34088
- http://www.securityfocus.com/archive/1/468644/100/0/threaded
- http://www.securityfocus.com/bid/23989
- http://www.securitytracker.com/id?1018063
- http://www.vupen.com/english/advisories/2007/1831
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34292