CS-Forum ajouter.php email Variable Mail Header Injection
Remote / Network Access
Loss of Integrity
CS-Forum contains a flaw that may allow a remote attacker to inject arbitrary headers in email sent from the system. The issue is due to ajouter.php script not properly sanitizing user input supplied to the 'email' variable. This may allow an attacker to inject custom email headers using newline characters potentially resulting in spoofed mail content.
Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.