7.5

CVE-2006-0757

EPSS 7.88%
Veröffentlicht 18.02.2006 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hivemail ≫ Hivemail Version1.1

Hivemail ≫ Hivemail Version1.1.1

Hivemail ≫ Hivemail Version1.2

Hivemail ≫ Hivemail Version1.2.1_beta1

Hivemail ≫ Hivemail Version1.2.1_rc

Hivemail ≫ Hivemail Version1.2.2

Hivemail ≫ Hivemail Version1.2_sp1

Hivemail ≫ Hivemail Version1.3

Hivemail ≫ Hivemail Version1.3_beta1

Hivemail ≫ Hivemail Version1.3_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.88%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html

Vendor Advisory

http://forum.hivemail.com/showthread.php?p=26745

http://secunia.com/advisories/18807

http://www.gulftech.org/?node=research&article_id=00098-02102006

Vendor Advisory

http://www.securityfocus.com/bid/16591

http://www.vupen.com/english/advisories/2006/0527

https://exchange.xforce.ibmcloud.com/vulnerabilities/24618

https://nvd.nist.gov/vuln/detail/CVE-2006-0757

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0757

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0757

EUVD