phPay.Open.Email.Relay

description-logoDescription

phPay is vulnerable to email header injection. A remote attacker could inject a specially-crafted email header in the nu_mail.inc.php script, using the 'mail_text2' parameter, which could be used for sending unsolicited email messages.

affected-products-logoAffected Products

Andreas Kansok phPay 2.02 and 2.02.1

Impact logoImpact

Successful exploit allows remote attackers to use the server as an open mail relay.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://phpay.sourceforge.net

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)