logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2005-4558

Description

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.


Affected Software


CPE Name Name Version
merak:mail_server merak mail server 8.3.0r
deerfield:visnetic_mail_server deerfield visnetic mail server 8.3.0_build1
icewarp:web_mail icewarp web mail 5.5.1

Related