The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4103)