CVE-2016-10073
Description
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Metasploit modules
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| vanillaforums | vanilla | up to and including 2.3.0 | |
References
- http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html
- https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html
- https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1
- https://www.exploit-db.com/exploits/41996/
CWEs
CWE-200