PHP-Nuke has got four functions that allow restricted sending of
e-mails: Feedback, Recommend Us, Send (news item) to a Friend and
Send this Journal to a Friend. They either restrict who you can send
e-mails to or what message you can send to them. They are open for
anonymous users as well as regular users.
By submitting special data, an attacker can escape these restrictions
and use someone else's PHP-Nuke installation to send HTML e-mails
to any recipient with any message that they like.