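$to = "admin@example.com";
// Both values below come straight from the request and are never validated.
$subject = $_POST['subject'];
$headers = "From: " . $_POST['email'];
// The untrusted values reach mail() as the subject and as raw header text.
mail($to, $subject, "Message", $headers);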

Email is sent to many recipients, turning the form into an open spam relay.
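A hardened counterpart to the handler above, as an added example that is not code from the original page. The function names, the `no-reply@example.com` sender and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/** True if the value contains CR, LF or NUL, any of which can end a header line early. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Build mail() arguments from untrusted form fields (hypothetical helper).
 * Returns null when the input must be rejected.
 */
function build_contact_mail(string $email, string $subject): ?array
{
    // Reject line breaks in anything that ends up in the header section.
    if (has_header_break($email) || has_header_break($subject)) {
        return null;
    }
    // Require exactly one well-formed address.
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'to'      => 'admin@example.com',
        'subject' => substr(trim($subject), 0, 150),
        'body'    => 'Message',
        // Fixed From; the visitor's address only appears in Reply-To.
        // The array form of additional headers needs PHP 7.2 or later.
        'headers' => ['From' => 'no-reply@example.com', 'Reply-To' => $email],
    ];
}

// Constructed sample inputs: one normal submission, two carrying an extra header line.
$samples = [
    ['alice@example.org', 'Question about billing'],
    ["alice@example.org\r\nBcc: list@example.net", 'Hello'],
    ['alice@example.org', "Hello\r\nBcc: list@example.net"],
];
foreach ($samples as [$email, $subject]) {
    $mail = build_contact_mail($email, $subject);
    echo $mail === null ? "rejected\n" : "accepted\n";
    // In the form handler, pass $_POST['email'] and $_POST['subject'], then on success:
    // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```

Only the first sample is accepted; the other two are rejected before `mail()` is ever called.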

The exploit is relatively straightforward, with an attacker able to manipulate the email form validation process to send malicious emails. This can be achieved through various means, including: