Published: 23/05/2017 Updated: 11/07/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The from method in library/core/class.email.php in Vanilla Forums prior to 2.3.1 allows remote malicious users to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vanillaforums vanilla

#!/bin/bash # # __ __ __ __ __ # / / ___ ____ _____ _/ / / / / /___ ______/ /_____ __________ # / / / _ \/ __ `/ __ `/ / / /_/ / __ `/ ___/ //_/ _ \/ ___/ ___/ # / /___/ __/ /_/ / /_/ / / / __ / /_/ / /__/ ,< / __/ / (__ ) # /_____/\___/\__, /\__,_/_/ /_/ /_/\__,_/ ...

Vanilla Forums versions 23 and below remote code execution exploit ...

Vanilla Forums has a plain-flavoured zero-day

The Register • Richard Chirgwin • 12 May 2017

PHPMailer bug leads to remote code execution via HTTP

Updated The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in December 2016. Published by ExploitBox, the zero-day “can be exploited by unauthenticated remote attackers to execute arbitrary code and fully compromise the target application when combined with Host Header injection vulnerability CVE-2016-10073.” The problem arises because Vanilla Forums inherits a bug in PHPMailer. The mailer uses PHP's mail() function as...

CVE-2016-10073

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect