Description
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.
Remediation
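The issue described above comes down to trusting the client-supplied Host header when building the sender address of outgoing mail. The PHP below is an added example, not Vanilla Forums code and not the project's actual fix; it contrasts that pattern with a sender taken from configuration only. The function names, the `allowed_hosts` and `mail_domain` config keys, and the sample hosts are assumptions made for illustration.

```php
<?php
// Added example with hypothetical helper names; not code from Vanilla Forums.

// Vulnerable pattern: the sender domain is whatever the client sent as Host.
function senderFromRequest(array $server): string
{
    return 'noreply@' . $server['HTTP_HOST'];
}

// Hardened pattern: the Host header is only compared against an allowlist,
// and the mail domain is read from server-side configuration.
function senderFromConfig(array $server, array $config): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host); // drop an optional port
    if (!in_array($host, $config['allowed_hosts'], true)) {
        throw new RuntimeException('Unexpected Host header');
    }
    return 'noreply@' . $config['mail_domain'];
}

// Constructed configuration and requests (assumed values).
$config = [
    'allowed_hosts' => ['forum.example.org'],
    'mail_domain'   => 'forum.example.org',
];
$requests = [
    'expected host'   => ['HTTP_HOST' => 'forum.example.org:443'],
    'unexpected host' => ['HTTP_HOST' => 'other.example'],
];

foreach ($requests as $label => $server) {
    echo $label, "\n";
    echo '  request-derived sender: ', senderFromRequest($server), "\n";
    try {
        echo '  config-derived sender:  ', senderFromConfig($server, $config), "\n";
    } catch (RuntimeException $e) {
        echo '  config-derived sender:  rejected (', $e->getMessage(), ")\n";
    }
}
```

With the unexpected Host value, the request-derived sender takes on the foreign domain, while the config-derived path rejects the request before any mail is built.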
References