Webbler CMS before 3.1.6 does not properly restrict use of mail a friend forms, which allows remote attackers to send arbitrary amounts of forged e-mail. NOTE: this could be leveraged for spam or phishing attacks.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Webbler_cms | Tincan | * | 3.1.4 (including) |
References
- http://osvdb.org/38994
- http://securityreason.com/securityalert/2955
- http://tincan.co.uk/?lid=1975
- http://www.procheckup.com/Vulner_2007.php
- http://www.securityfocus.com/archive/1/474521/100/0/threaded
- http://osvdb.org/38994
- http://securityreason.com/securityalert/2955
- http://tincan.co.uk/?lid=1975
- http://www.procheckup.com/Vulner_2007.php
- http://www.securityfocus.com/archive/1/474521/100/0/threaded