phPay Nu_mail.inc.PHP Open Email Relay Vulnerability

phPay Nu_mail.inc.PHP Open Email Relay Vulnerability

phPay is prone to a remote open-mail-relay vulnerability because the application fails to properly sanitize user-supplied input before using it to generate email messages.

An attacker may leverage the issue to use webservers that are hosting the vulnerable software to send arbitrary unsolicited bulk email. Attackers may also forge email messages that originate from trusted mail servers.