CMSimple 4.5.1: Email injection vulnerability

Posted: Wed Feb 18, 2015 9:58 pm
by cmb

Hello Community,

I've just found an email injection vulnerability in CMSimple 4.5.1. It is easy to exploit (especially as CMSimple is Open Source software), but the severity is likely to be low (I'm neither an expert on security nor MTAs, though).

Unfortunately, the developer of CMSimple is not interested in accepting bug reports from me, so I post the issue here for your consideration. I will not publish any details, but the bug is easy to spot.