Описание
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*
cpe:2.3:a:instant_web_mail:instant_web_mail:0.56:*:*:*:*:*:*:*
cpe:2.3:a:instant_web_mail:instant_web_mail:0.57:*:*:*:*:*:*:*
cpe:2.3:a:instant_web_mail:instant_web_mail:0.58:*:*:*:*:*:*:*
cpe:2.3:a:instant_web_mail:instant_web_mail:0.59:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02256
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
EPSS
Процентиль: 84%
0.02256
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other