Sign-up

ID

VAR-200705-0013


CVE

CVE-2007-1898


TITLE

Jetbox CMS of formmail.php Spam spam vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003653

DESCRIPTION

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2007-1898 // JVNDB: JVNDB-2007-003653 // BID: 23989 // VULHUB: VHN-25260

AFFECTED PRODUCTS

vendor:jetboxmodel:cmsscope:eqversion:2.1

Trust: 2.1

vendor:windrivermodel:bsdosscope: - version: -

Trust: 0.6

sources: BID: 23989 // JVNDB: JVNDB-2007-003653 // CNNVD: CNNVD-200705-335 // NVD: CVE-2007-1898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1898
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1898
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200705-335
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25260
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1898
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25260
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25260 // JVNDB: JVNDB-2007-003653 // CNNVD: CNNVD-200705-335 // NVD: CVE-2007-1898

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-335

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-200705-335

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003653

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-25260

PATCH
title:Jetbox CMSurl:http://jetbox.streamedge.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003653

EXTERNAL IDS
db:NVDid:CVE-2007-1898
Trust: 2.8
db:BIDid:23989
Trust: 2.0
db:SREASONid:2710
Trust: 1.7
db:OSVDBid:34088
Trust: 1.7
db:VUPENid:ADV-2007-1831
Trust: 1.7
db:SECTRACKid:1018063
Trust: 1.7
db:JVNDBid:JVNDB-2007-003653
Trust: 0.8
db:CNNVDid:CNNVD-200705-335
Trust: 0.7
db:XFid:34292
Trust: 0.6
db:BUGTRAQid:20070515 JETBOX CMS VERSION 2.1 E-MAIL INJECTION VULNERABILITY
Trust: 0.6
db:PACKETSTORMid:56801
Trust: 0.1
db:SEEBUGid:SSVID-83505
Trust: 0.1
db:EXPLOIT-DBid:30040
Trust: 0.1
db:VULHUBid:VHN-25260
Trust: 0.1
sources:
            
            
            VULHUB: VHN-25260 // 
            
            
            
            BID: 23989 // 
            
            
            
            JVNDB: JVNDB-2007-003653 // 
            
            
            
            CNNVD: CNNVD-200705-335 // 
            
            
            
            NVD: CVE-2007-1898

REFERENCES
url:http://www.securityfocus.com/bid/23989
Trust: 1.7
url:http://www.netvigilance.com/advisory0026
Trust: 1.7
url:http://www.osvdb.org/34088
Trust: 1.7
url:http://www.securitytracker.com/id?1018063
Trust: 1.7
url:http://securityreason.com/securityalert/2710
Trust: 1.7
url:http://www.securityfocus.com/archive/1/468644/100/0/threaded
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/1831
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34292
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1898
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1898
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/34292
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/468644/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/1831
Trust: 0.6
url:http://sourceforge.net/projects/jetboxone/
Trust: 0.3
url:/archive/1/468644
Trust: 0.3
sources:
            
            
            VULHUB: VHN-25260 // 
            
            
            
            BID: 23989 // 
            
            
            
            JVNDB: JVNDB-2007-003653 // 
            
            
            
            CNNVD: CNNVD-200705-335 // 
            
            
            
            NVD: CVE-2007-1898

CREDITS
Jesper Jurcenoks is credited with the discovery of this issue.
Trust: 0.9
sources:
            
            
            BID: 23989 // 
            
            
            
            CNNVD: CNNVD-200705-335

SOURCES
db:VULHUBid:VHN-25260
db:BIDid:23989
db:JVNDBid:JVNDB-2007-003653
db:CNNVDid:CNNVD-200705-335
db:NVDid:CVE-2007-1898

LAST UPDATE DATE
2024-11-23T21:49:05.095000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-25260date:2018-10-16T00:00:00
db:BIDid:23989date:2016-07-06T14:39:00
db:JVNDBid:JVNDB-2007-003653date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200705-335date:2007-05-24T00:00:00
db:NVDid:CVE-2007-1898date:2024-11-21T00:29:25.010

SOURCES RELEASE DATE
db:VULHUBid:VHN-25260date:2007-05-16T00:00:00
db:BIDid:23989date:2007-05-15T00:00:00
db:JVNDBid:JVNDB-2007-003653date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200705-335date:2007-05-16T00:00:00
db:NVDid:CVE-2007-1898date:2007-05-16T22:30:00