Jetbox CMS Email FormMail.PHP Input Validation Vulnerability

Bugtraq ID:	23989
Class:	Input Validation Error
CVE:	CVE-2007-1898 CVE-2007-2731
Remote:	Yes
Local:	No
Published:	May 15 2007 12:00AM
Updated:	Jul 06 2016 02:39PM
Credit:	Jesper Jurcenoks is credited with the discovery of this issue.
Vulnerable:	Jetbox Jetbox CMS 2.1
Not Vulnerable:

Jetbox CMS Email FormMail.PHP Input Validation Vulnerability

Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to send spam email in the context of the application.

Jetbox 2.1 is vulnerable; other versions may also be affected.

Jetbox CMS Email FormMail.PHP Input Validation Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

• /data/vulnerabilities/exploits/23989.html

Jetbox CMS Email FormMail.PHP Input Validation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Jetbox CMS Email FormMail.PHP Input Validation Vulnerability

References:

• Jetbox CMS Homepage (Jetbox)
  
• Jetbox CMS version 2.1 E-Mail Injection Vulnerability (netVigilance)