Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FormMail HTTP_REFERER变量可欺骗漏洞
Vulnerability Description
FormMail是一款使用广泛的基于WEB的邮件网关,允许基于表单输入邮寄个指定用户。它是用perl写的,可以运行于大多数的Linux/Unix,以及Microsoft Windows等多种系统平台。 FormMail依靠HTTP_REFERER变量来建立用户的识别,伪造HTTP_REFERER头信息可以绕过认证机制。而伪造HTTP_REFERER头信息对远程攻击者来说是非常容易的。 远程攻击者可以利用这漏洞做很多事情,比如伪造CGI变量来使用FormMail滥发匿名邮件等等。
CVSS Information
N/A
Vulnerability Type
N/A