CMSimple 4.5.1: Email injection vulnerability

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
Posts: 13859
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE

CMSimple 4.5.1: Email injection vulnerability

Post by cmb » Wed Feb 18, 2015 9:58 pm

Hello Community,

I've just found an email injection vulnerability in CMSimple 4.5.1. It is easy to exploit (especially as CMSimple is Open Source software), but the severity is likely to be low (I'm neither an expert on security nor MTAs, though).

Unfortunately, the developer of CMSimple is not interested in accepting bug reports from me, so I post the issue here for your consideration. I will not publish any details, but the bug is easy to spot.
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply