e107 email.php Arbitrary Mail Relay

medium Nessus Plugin ID 21621

Synopsis

The remote web server contains a PHP script that can be used to send arbitrary email messages.

Description

The version of e107 installed on the remote host contains a script, 'email.php' that allows an unauthenticated user to send email messages to arbitrary users and to control, to a large degree, the content of those messages. This issue can be exploited to send spam or other types of abuse through the affected system.

Solution

Either remove the affected script or upgrade to e107 version 0.7.5 or later, which uses a 'captcha' system to minimize automated exploitation of this issue.

See Also

http://e107.org/e107_plugins/forum/forum_viewtopic.php?66179

https://e107.org/comment.php?comment.news.788

Plugin Details

Severity: Medium

ID: 21621

File Name: e107_email_injection.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 5/31/2006

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:e107:e107

Required KB Items: www/e107

Excluded KB Items: Settings/disable_cgi_scanning

Exploited by Nessus: true

Patch Publication Date: 5/23/2006

Vulnerability Publication Date: 5/23/2006

Reference Information

CVE: CVE-2006-2591