CVE-2007-1898

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-1898
formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://securityreason.com/securityalert/2710
http://www.netvigilance.com/advisory0026 Vendor Advisory
http://www.osvdb.org/34088 Vendor Advisory
http://www.securityfocus.com/archive/1/468644/100/0/threaded
http://www.securityfocus.com/bid/23989
http://www.securitytracker.com/id?1018063 Vendor Advisory
http://www.vupen.com/english/advisories/2007/1831
https://exchange.xforce.ibmcloud.com/vulnerabilities/34292
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*
cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*
cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*
History

No history.

Information

Published : 2007-05-16 22:30

Updated : 2024-02-04 17:13

NVD link : CVE-2007-1898

Mitre link : CVE-2007-1898

CVE.ORG link : CVE-2007-1898

JSON object : View

Products Affected

santa_cruz_operation

  • sco_unix

hp

  • tru64
  • hp-ux

microsoft

  • windows_98se
  • windows_2003_server
  • windows_me
  • windows_nt
  • windows_xp
  • windows_2000
  • windows_95
  • windows_98

sun

  • solaris

jetbox

  • jetbox_cms

linux

  • linux_kernel

apple

  • mac_os_x

windriver

  • bsdos
CWE
NVD-CWE-Other