Simple Form Mail Relaying Vulnerability Network Vulnerability

Summary

The target is running at least one instance of Simple Form which fails to validate the parameters 'admin_email_to' and 'admin_email_from'. An attacker, exploiting this flaw, would be able to send email through the server (utilizing the form) to any arbitrary recipient with any arbitrary message content. In other words, the remote host can be used as a mail relay for things like SPAM.

Solution

Upgrade to Simple Form 2.2 or later.

References

http://worldcommunity.com/opensource/utilities/simple_form.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache Tiles Multiple XSS Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
/doc directory browsable ?

Take action and discover your vulnerabilities