CVE-2007-1898

Jetbox CMS 2.1 - Unauthenticated Arbitrary Email Spamming via formmail.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1898. PoCs published by Jesper Jurcenoks.

AI-analyzed exploit summary This exploit leverages an input-validation vulnerability in Jetbox CMS's formmail.php to send spam emails by manipulating the recipient, subject, and email headers via user-supplied input. The attack bypasses sanitization by injecting arbitrary email headers and content.

Description

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jesper Jurcenoks · textwebappsphp

https://www.exploit-db.com/exploits/30040

View Code ZIP pw:eip

This exploit leverages an input-validation vulnerability in Jetbox CMS's formmail.php to send spam emails by manipulating the recipient, subject, and email headers via user-supplied input. The attack bypasses sanitization by injecting arbitrary email headers and content.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Jetbox CMS 2.1

No auth needed

Prerequisites: Access to the formmail.php endpoint

MITRE ATT&CK