How severe is CVE-2024-53860?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-53860?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-53860 - HIGH Severity | CVSS 8.6

Vulnerability Description

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability.

Related Vulnerabilities

CVE-2020-16087

HIGH

CVSS:8.6(High)

An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted...

CWE-742020

CVE-2025-24904

HIGH

CVSS:8.5(High)

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0...

CWE-742025

CVE-2017-18786

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects D6200 before 1.1.00.24, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R...

CWE-742017

CVE-2017-18787

HIGH

CVSS:8.4(High)

CWE-742017

CVE-2017-18792

HIGH

CVSS:8.4(High)

NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command injection.

CWE-742017

CVE-2017-18794

HIGH

CVSS:8.4(High)

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7...

CWE-742017