CVE-2025-29459
CVE-2025-29459 affects MyBB 1.8.38. A vulnerability in the Mail function could allow a remote attacker to obtain sensitive information, with no exploit details provided in the sources. The Red Hat and PT Security entries corroborate the same issue and, as a mitigation, suggest temporarily disabli...
CVE-2025-29459
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Mail function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...
SUSE CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands...
PT-2025-17241 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: An issue in MyBB allows a remote attacker to obtain sensitive information via the Mail function. Recommendations: For MyBB version 1.8.38, consider disabling the Mail function as a temporary workaround until a...
CVE-2024-38462
iRODS before 4.3.2 contains a vulnerability in msiSendMail with a problematic dependency on the mail binary (mailMS.cpp#L94-L106). Affected: versions prior to 4.3.2. Remediation: upgrade to 4.3.2 or later. No exploitation details are provided in the documents.
PT-2024-40130 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal core affected versions not specified Description: The issue is related to the sanitization of variables for shell arguments in the DefaultMailSystem::mail function when sending email, which could potentially lead to remote code...
BIT-MYBB-2022-39265
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail() function (mail_parameters setting value), in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The...
CVE-2023-5419
The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2testmail function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
PT-2023-32092 · WordPress · Funnelforms Free
Name of the Vulnerable Software and Affected Versions: Funnelforms Free plugin for WordPress versions up to, and including, 3.4 Description: The issue allows authenticated attackers with subscriber-level permissions and above to send test emails to an arbitrary email address due to a missing...
SUSE CVE-2007-1717
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ '\0' byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases...
SUSE CVE-2007-1718
CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrat...
CVE-2022-39265
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail() function (mail_parameters setting value), in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution (RCE). The...
CVE-2022-39265
CVE-2022-39265 affects MyBB prior to 1.8.31. The vulnerability arises from the Mail Settings → Additional Parameters for PHP’s mail() function, where the mail_parameters setting, in combination with the configured mail program’s options, can expose sensitive information and enable Remote Code Exe...
VulnCheck KEV: CVE-2016-10033
PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed...
Exploit for OS Command Injection in Oscommerce
PoC exploit for CVE-2020-27976, an authenticated remote code exe...
CVE-2020-27976
osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option...
Exploit for Argument Injection in Php
This repository is an exploit module for CVE-2018-19518, a vulnerability in the PHPMailer library. The exploit is written in Python and targets the PHPMailer library's use of the "mail" function to send emails. The vulnerability allows an attacker to inject malicious code into the email body, whi...
CRLF Injection
PHP is vulnerable to CRLF injection. A flaw was discovered in the way PHP's mail function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients...