formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.
2007-05-16T22:30:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 5.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | apple | mac_os_x | * | No |
| Operating System | hp | hp-ux | * | No |
| Operating System | hp | tru64 | * | No |
| Operating System | linux | linux_kernel | * | No |
| Operating System | microsoft | windows_2000 | * | No |
| Operating System | microsoft | windows_2003_server | * | No |
| Operating System | microsoft | windows_95 | * | No |
| Operating System | microsoft | windows_98 | * | No |
| Operating System | microsoft | windows_98se | * | No |
| Operating System | microsoft | windows_me | * | No |
| Operating System | microsoft | windows_nt | 4.0 | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | santa_cruz_operation | sco_unix | * | No |
| Operating System | sun | solaris | * | No |
| Operating System | windriver | bsdos | * | No |
| Application | jetbox | jetbox_cms | 2.1 | Yes |