Vulnerability Details CVE-2008-4103
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html
- http://marc.info/?l=oss-security&m=122115344915232&w=2
- http://marc.info/?l=oss-security&m=122118210029084&w=2
- http://marc.info/?l=oss-security&m=122152798516853&w=2
- http://secunia.com/advisories/31789
- http://securityreason.com/securityalert/4275
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45070
- http://developer.joomla.org/security/news/273-20080903-core-commailto-spam.html
- http://marc.info/?l=oss-security&m=122115344915232&w=2
- http://marc.info/?l=oss-security&m=122118210029084&w=2
- http://marc.info/?l=oss-security&m=122152798516853&w=2
- http://secunia.com/advisories/31789
- http://securityreason.com/securityalert/4275
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45070
Products affected by CVE-2008-4103
-
cpe:2.3:a:joomla:com_mailto:*
-
cpe:2.3:a:joomla:joomla:1.5
-
cpe:2.3:a:joomla:joomla:1.5.1
-
cpe:2.3:a:joomla:joomla:1.5.2
-
cpe:2.3:a:joomla:joomla:1.5.3
-
cpe:2.3:a:joomla:joomla:1.5.4
-
cpe:2.3:a:joomla:joomla:1.5.5
-
cpe:2.3:a:joomla:joomla:1.5.6