6.5
CVE-2005-4558
- EPSS 8.33%
- Veröffentlicht 28.12.2005 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:19:00
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Deerfield ≫ Visnetic Mail Server Version8.3.0_build1
Merak ≫ Mail Server Version8.3.0r
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.33% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/
http://securitytracker.com/id?1015412
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069
http://www.osvdb.org/22080
http://www.osvdb.org/22081
https://exchange.xforce.ibmcloud.com/vulnerabilities/23904