CVE-2006-4210
CVE-2006-4210 describes a vulnerability in nu_mail.inc.php of Andreas Kansok’s phPay 2.02/2.02.1 where, if register_globals is enabled, a remote attacker can abuse the server as an open mail relay via manipulated parameters (mail_text2, user_row[5], nu_mail_1, shop_mail). The root cause is improp...