phPay.Open.Email.Relay
Description
phPay is vulnerable to email header injection. A remote attacker could inject a specially-crafted email header in the nu_mail.inc.php script, using the 'mail_text2' parameter, which could be used for sending unsolicited email messages.
Affected Products
Andreas Kansok phPay 2.02 and 2.02.1
Impact
Successful exploit allows remote attackers to use the server as an open mail relay.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://phpay.sourceforge.net
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |