CVE-2001-1188

Brian Dorricott MAILTO <= 1.0.9 - Unauthenticated SPAM Email Relay via Hidden Form Field Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1188. PoCs published by http-equiv.

AI-analyzed exploit summary: This is a writeup describing a vulnerability in MAILTO that allows an attacker to send emails through a remote host's server by manipulating form inputs. The provided HTML form demonstrates how an attacker could exploit this to send spam or phishing emails appearing to originate from the victim web host.

Description

mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.

Exploits (1)

exploitdb WRITEUP VERIFIED
by http-equiv · html · remote · windows
https://www.exploit-db.com/exploits/21178


Classification: Writeup (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: MAILTO (version not specified)
Authentication: No auth needed
Prerequisites: Access to a web server with MAILTO installed · Knowledge of the target's SMTP server details
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3669
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/244909

Scores

EPSS 0.0564
EPSS Percentile 92.0%

Details

Status published
Products (3)
brian_dorricott/mailto 1.0.7
brian_dorricott/mailto 1.0.8
brian_dorricott/mailto 1.0.9
Published Dec 11, 2001
Tracked Since Feb 18, 2026