Hi Kunal, Thanks for your report. Our investigation confirmed a risk, which we have now fixed. We've replied several times, and the responses are also in the email thread. But I'm not sure why you haven't received the emails. If you have any further questions, please feel free to contact us. -- Thanks, Oreo On 11/17/2025 9:56 PM, Kunal Mhaske via Securityannounce wrote:
Hi Team, Please give me a response regarding this vulnerability. Please team.
On Tue, Sep 16, 2025 at 7:07 PM Kunal Mhaske <kunalmhaske0050@gmail.com <mailto:kunalmhaske0050@gmail.com>> wrote:
Hello Team, Please give me a response regarding this Bug Report, Please.
On Mon, Jun 16, 2025 at 11:20 PM Kunal Mhaske <kunalmhaske0050@gmail.com <mailto:kunalmhaske0050@gmail.com>> wrote:
Hello Team, Please give me a response regarding this Bug Report, Please team.
On Wed, May 28, 2025 at 12:12 PM Kunal Mhaske <kunalmhaske0050@gmail.com <mailto:kunalmhaske0050@gmail.com>> wrote:
Vulnerability Name: DMARC RECORD MISSING
Target URL: https://ivorysql.org/ <https://ivorysql.org/>
HOW TO REPRODUCE(POC-ATTACHED):-
1. GO TO- https://mxtoolbox.com/ <https://mxtoolbox.com/>
2. ENTER THE WEBSITE(ivorysql.org <http://ivorysql.org> ) click on MX lookup
3. YOU WILL SEE THE FAULT(No DMARC Record found).
4. In the new page that loads, change MXLookup to DMARCLookup.
Extra info
Impact: Spammers can forge the "From" address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get forged emails can mark them as spam or junk, which can impact authentic messages sent from your domain.
image.png
_______________________________________________ Securityannounce mailing list -- securityannounce@ivorysql.org To unsubscribe send an email to securityannounce-leave@ivorysql.org