The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
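The flaw class described above, next to one way to close it, as an added example that is not Vanilla Forums code: the sender domain is chosen from a fixed list of configured hosts instead of being copied from the HTTP Host header. The function names, the allowlist and the `example.org` / `attacker.example` hosts are assumptions made for illustration.

```php
<?php
// Added example, not Vanilla Forums code. All names here are hypothetical.

// Hosts this deployment actually serves (constructed sample values).
const ALLOWED_HOSTS = ['forum.example.org', 'community.example.org'];
const DEFAULT_HOST  = 'forum.example.org';

// Vulnerable pattern: the sender domain is whatever the client put in Host.
function unsafeSenderAddress(array $server): string
{
    return 'noreply@' . ($server['HTTP_HOST'] ?? 'localhost');
}

// Hardened: the Host header may only select among configured names.
function trustedHost(array $server): string
{
    $raw  = (string)($server['HTTP_HOST'] ?? '');
    $host = strtolower(trim($raw));
    // Drop an optional :port suffix before comparing.
    $host = preg_replace('/:\d+$/', '', $host);
    if (in_array($host, ALLOWED_HOSTS, true)) {
        return $host;
    }
    // Unknown Host values are worth logging: they indicate probing or a
    // misconfigured proxy. json_encode keeps control characters out of the log.
    error_log('Unrecognised Host header: ' . json_encode($raw));
    return DEFAULT_HOST;
}

function safeSenderAddress(array $server): string
{
    return 'noreply@' . trustedHost($server);
}

// Constructed sample requests: two legitimate, one with a foreign Host value.
$requests = [
    ['HTTP_HOST' => 'forum.example.org'],
    ['HTTP_HOST' => 'Community.Example.org:443'],
    ['HTTP_HOST' => 'mail.attacker.example'],
];
foreach ($requests as $server) {
    printf("%-28s unsafe=%s  safe=%s\n",
        $server['HTTP_HOST'],
        unsafeSenderAddress($server),
        safeSenderAddress($server));
}
```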
Vulnerable Product: vanillaforums vanilla
PHPMailer bug leads to remote code execution via HTTP
Updated: The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016. Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.” The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as...