Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

IlohaMail User Parameter Vulnerability

Severity

Medium

Family

Web application abuses

CVSSv2 Base

4.3

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Solution Type

Vendor Patch

Created

18 years ago

Modified

5 years ago

The target is running at least one instance of IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter, which could allow a remote attacker to execute arbitrary code either on the target or in a victim's browser when a victim views a specially crafted message with an embedded image as long as PHP's magic quotes setting is turned off (it's on by default) and the MySQL backend is in use. See the reference for a discussion of this vulnerability. ***** The Scanner has determined the vulnerability exists on the target ***** simply by looking at the version number of IlohaMail ***** installed there.

Solution

Upgrade to IlohaMail version 0.8.11 or later.

References

http://sourceforge.net/mailarchive/forum.php?thread_id=3589704&forum_i

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

IlohaMail User Parameter Vulnerability

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Solution

Solution

References