Back to search
CVE-2002-0490
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
instant-webmail-pop-commands(8650)
vdb-entry
x_refsource_XF
4361
vdb-entry
x_refsource_BID
20020323 Instant Web Mail additional POP3 commands and mail headers
mailing-list
x_refsource_BUGTRAQ
http://instantwebmail.sourceforge.net/#changeLog
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now