VULHUB ™

PHPFormMail is designed to be a replacement for Matt Wright's FormMail script implemented in the PHP programming language. PHPFormMail is used to send email defined by a number of CGI parameters. A vulnerability exists in some versions of PHPFormMail. The recipient of the email is specified by a CGI parameter. As a result, a malicious user may trivially specify any email address, effectively using the script as an open mail relay. This technique is well known, and commonly used for sending unsolicited commercial email.

PHPFormMail is designed to be a replacement for Matt Wright's FormMail script implemented in the PHP programming language. PHPFormMail is used to send email defined by a number of CGI parameters. A vulnerability exists in some versions of PHPFormMail. The recipient of the email is specified by a CGI parameter. As a result, a malicious user may trivially specify any email address, effectively using the script as an open mail relay. This technique is well known, and commonly used for sending unsolicited commercial email.