MIT CGIEmail Arbitrary Recipient Mail Relay Vulnerability
A vulnerability has been reported in cgiemail that allows it to act as an open relay for email. The vulnerability is due to improper sanitization of user-supplied values. In particular, the newline code "%0a" is not filtered properly. As a result, a malicious user may trivially specify any email address, effectively using the script as an open mail relay.
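
A defensive check for the flaw described above, as an added example that is not cgiemail's code or its official fix: the form value is URL-decoded first and rejected if the decoded text contains a newline or any other control character. The names `decode_header_value` and `hexval` and the sample addresses are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not cgiemail's code. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* URL-decode a form value destined for a mail header line and refuse it if
 * the decoded text holds a control character (which could start a new line).
 * Returns 0 and fills out on success, -1 on rejection. */
int decode_header_value(const char *raw, char *out, size_t outlen)
{
    size_t n = 0;
    if (raw == NULL || out == NULL || outlen == 0) return -1;
    while (*raw != '\0') {
        int c = (unsigned char)*raw++;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            int hi = hexval((unsigned char)raw[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)raw[1]);
            if (lo < 0) return -1;       /* truncated or malformed escape */
            c = hi * 16 + lo;
            raw += 2;
        }
        /* Test the decoded byte: "%0a", "%0A" and "%0d" all arrive here. */
        if (c < 0x20 || c == 0x7f) return -1;
        if (n + 1 >= outlen) return -1;  /* reject rather than truncate */
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed sample inputs: a plain address, then one carrying "%0a". */
    const char *in[] = { "user%40example.org", "user%40example.org%0aother%40example.net" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", in[i],
               decode_header_value(in[i], buf, sizeof buf) == 0 ? buf : "REJECTED");
    return 0;
}
```

The check runs on the decoded bytes, so filtering the literal string "%0a" in the raw query is not needed and would miss the upper-case and carriage-return forms.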