CVE Vulnerabilities

CVE-2006-0757

Published: Feb 18, 2006 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

Affected Software

Name Vendor Start Version End Version
Hivemail Hivemail 1.2_sp1 1.2_sp1
Hivemail Hivemail 1.2 1.2
Hivemail Hivemail 1.2.2 1.2.2
Hivemail Hivemail 1.3_beta1 1.3_beta1
Hivemail Hivemail 1.1.1 1.1.1
Hivemail Hivemail 1.3_rc1 1.3_rc1
Hivemail Hivemail 1.3 1.3
Hivemail Hivemail 1.2.1_rc 1.2.1_rc
Hivemail Hivemail 1.2.1_beta1 1.2.1_beta1
Hivemail Hivemail 1.1 1.1

References