CVE-2007-1898 - OpenCVE

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Hp	Hp-ux Tru64
Jetbox	Jetbox Cms
Linux	Linux Kernel
Microsoft	Windows 2000 Windows 2003 Server Windows 95 Windows 98 Windows 98se Windows Me Windows Nt Windows Xp
Santa Cruz Operation	Sco Unix
Sun	Solaris
Windriver	Bsdos

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:hp:tru64::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_95::::::::
	cpe:2.3:o:microsoft:windows_98::gold::::::*
	cpe:2.3:o:microsoft:windows_98se::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp::::::::
	cpe:2.3:o:santa_cruz_operation:sco_unix::::::::
	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:windriver:bsdos::::::::

cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2710
http://www.netvigilance.com/advisory0026
http://www.osvdb.org/34088
http://www.securityfocus.com/archive/1/468644/100/0/threaded
http://www.securityfocus.com/bid/23989
http://www.securitytracker.com/id?1018063
http://www.vupen.com/english/advisories/2007/1831
https://exchange.xforce.ibmcloud.com/vulnerabilities/34292

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-16T22:00:00

Updated: 2024-08-07T13:13:41.503Z

Reserved: 2007-04-09T00:00:00

Link: CVE-2007-1898

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-16T22:30:00.000

Modified: 2018-10-16T16:41:10.693

Link: CVE-2007-1898

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-15T00:00:00", "descriptions": [{"lang": "en", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "jetbox-formmail-mail-relay(34292)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292"}, {"tags": ["x_refsource_MISC"], "url": "http://www.netvigilance.com/advisory0026"}, {"name": "2710", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2710"}, {"name": "ADV-2007-1831", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1831"}, {"name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded"}, {"name": "1018063", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018063"}, {"name": "34088", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34088"}, {"name": "23989", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23989"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "jetbox-formmail-mail-relay(34292)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292"}, {"name": "http://www.netvigilance.com/advisory0026", "refsource": "MISC", "url": "http://www.netvigilance.com/advisory0026"}, {"name": "2710", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2710"}, {"name": "ADV-2007-1831", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1831"}, {"name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded"}, {"name": "1018063", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018063"}, {"name": "34088", "refsource": "OSVDB", "url": "http://www.osvdb.org/34088"}, {"name": "23989", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23989"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:41.503Z"}, "title": "CVE Program Container", "references": [{"name": "jetbox-formmail-mail-relay(34292)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.netvigilance.com/advisory0026"}, {"name": "2710", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2710"}, {"name": "ADV-2007-1831", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1831"}, {"name": "20070515 Jetbox CMS version 2.1 E-Mail Injection Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded"}, {"name": "1018063", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018063"}, {"name": "34088", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34088"}, {"name": "23989", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23989"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1898", "datePublished": "2007-05-16T22:00:00", "dateReserved": "2007-04-09T00:00:00", "dateUpdated": "2024-08-07T13:13:41.503Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*", "matchCriteriaId": "61A4F116-1FEE-450E-99AE-6AD9ACDDE570", "vulnerable": false}, {"criteria": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FE64F3F-48F6-493F-A81E-2B106FF73AC1", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F7322B-8022-4D0B-ADB3-D0F5B6F20309", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*", "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD", "vulnerable": false}, {"criteria": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECCBDA43-9C75-4B36-8C90-EF26B8CD777D", "vulnerable": false}, {"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9", "vulnerable": false}, {"criteria": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60ACA374-1434-4C02-8327-17BC9C000B65", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0916DF3D-71ED-423F-A2F4-842EE706ADDC", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters."}, {"lang": "es", "value": "formmail.php en Jetbox CMS 2.1 permite a atacantes remotos env\u00edar e-mails de su elecci\u00f3n a trav\u00e9s de recipientes modificados, a trav\u00e9s de los par\u00e1metros _SETTINGS[allowed_email_hosts][], y subject."}], "id": "CVE-2007-1898", "lastModified": "2018-10-16T16:41:10.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-16T22:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2710"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0026"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/34088"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468644/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/23989"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.securitytracker.com/id?1018063"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1831"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}