Description

The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

Remediation

References

CVE-2016-10073

Related Vulnerabilities

Grafana Improper Input Validation Vulnerability (CVE-2022-39306)

b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479)

MySQL CVE-2016-0607 Vulnerability (CVE-2016-0607)

WordPress Plugin RESPONSIVE 3D SLIDER SQL Injection (1.2)

MySQL CVE-2020-2694 Vulnerability (CVE-2020-2694)

Severity

High

Classification

CVE-2016-10073 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities