Vulnerability Details CVE-2016-10073
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.683
EPSS Ranking 98.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html
- https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html
- https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1
- https://www.exploit-db.com/exploits/41996/
- http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html
- https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html
- https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1
- https://www.exploit-db.com/exploits/41996/
Products affected by CVE-2016-10073
-
cpe:2.3:a:vanillaforums:vanilla:-
-
cpe:2.3:a:vanillaforums:vanilla:2.0.0
-
cpe:2.3:a:vanillaforums:vanilla:2.0.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.11
-
cpe:2.3:a:vanillaforums:vanilla:2.0.12
-
cpe:2.3:a:vanillaforums:vanilla:2.0.13
-
cpe:2.3:a:vanillaforums:vanilla:2.0.14
-
cpe:2.3:a:vanillaforums:vanilla:2.0.15
-
cpe:2.3:a:vanillaforums:vanilla:2.0.16
-
cpe:2.3:a:vanillaforums:vanilla:2.0.16.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.2
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.17.9
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.1
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.10
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.11
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.12
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.13
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.18.9
-
cpe:2.3:a:vanillaforums:vanilla:2.0.2
-
cpe:2.3:a:vanillaforums:vanilla:2.0.3
-
cpe:2.3:a:vanillaforums:vanilla:2.0.4
-
cpe:2.3:a:vanillaforums:vanilla:2.0.5
-
cpe:2.3:a:vanillaforums:vanilla:2.0.6
-
cpe:2.3:a:vanillaforums:vanilla:2.0.7
-
cpe:2.3:a:vanillaforums:vanilla:2.0.8
-
cpe:2.3:a:vanillaforums:vanilla:2.0.9
-
cpe:2.3:a:vanillaforums:vanilla:2.1.0
-
cpe:2.3:a:vanillaforums:vanilla:2.1.1
-
cpe:2.3:a:vanillaforums:vanilla:2.1.10
-
cpe:2.3:a:vanillaforums:vanilla:2.1.11
-
cpe:2.3:a:vanillaforums:vanilla:2.1.12
-
cpe:2.3:a:vanillaforums:vanilla:2.1.2
-
cpe:2.3:a:vanillaforums:vanilla:2.1.3
-
cpe:2.3:a:vanillaforums:vanilla:2.1.6
-
cpe:2.3:a:vanillaforums:vanilla:2.1.7
-
cpe:2.3:a:vanillaforums:vanilla:2.1.8
-
cpe:2.3:a:vanillaforums:vanilla:2.1.9
-
cpe:2.3:a:vanillaforums:vanilla:2.2.0
-
cpe:2.3:a:vanillaforums:vanilla:2.2.1
-
cpe:2.3:a:vanillaforums:vanilla:2.2.3.4
-
cpe:2.3:a:vanillaforums:vanilla:2.2.3.6
-
cpe:2.3:a:vanillaforums:vanilla:2.3.0