CVE-2016-10073 : The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the emai

The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a crafted HTTP Host header, as demonstrated by a password reset request.

Published 2017-05-23 04:29:01

Updated 2019-07-11 12:45:44

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2016-10073

Probability of exploitation activity in the next 30 days: 0.80%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2016-10073

HTTP Host Header Injection Detection

First seen: 2020-04-26

auxiliary/scanner/http/host_header_injection

Checks if the host is vulnerable to Host header injection Authors: - Jay Turla - Medz Barao

More information

CVSS scores for CVE-2016-10073

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-10073

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-10073

http://packetstormsecurity.com/files/142486/Vanilla-Forums-2.3-Remote-Code-Execution.html

Vanilla Forums 2.3 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://exploitbox.io/vuln/Vanilla-Forums-Exploit-Host-Header-Injection-CVE-2016-10073-0day.html

Vanilla Forums <= 2.3 Host Header Injection CVE-2016-10073 [0day]
Exploit;Third Party Advisory
https://open.vanillaforums.com/discussion/33498/critical-security-release-vanilla-2-3-1

Critical security release: Vanilla 2.3.1 — Vanilla Forums
Patch;Vendor Advisory
https://www.exploit-db.com/exploits/41996/

Vanilla Forums < 2.3 - Remote Code Execution
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2016-10073

Vanillaforums » Vanilla
Versions up to, including, (<=) 2.3.0
cpe:2.3:a:vanillaforums:vanilla:*:*:*:*:*:*:*:*
Matching versions