PHP-Nuke v6.0 allows remote users to send email to any address on the internet by entering malformed email addresses. Patch included.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/30628/php-nuke_mail_crlf.patch
Source: https://packetstormsecurity.com/files/30628/php-nuke_mail_crlf.patch.html