10 matches found
CVE-2026-27602 Modoboa has an OS Command Injection
Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...
CVE-2023-0438
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4...
CVE-2023-0398
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4...
modoboa cross-site request forgery vulnerability (CNVD-2023-32765)
modoboa is an email hosting and management platform for individual developers. A cross-site request forgery vulnerability exists in modoboa versions prior to 2.1.0, which arises because /admin/accounts/id/edit/?activetab=default does not adequately validate that the request is from a trusted user. An...
PT-2023-18393 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa versions prior to 2.1.0 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the modoboa repository. An attacker must be logged in as an admin to exploit this issue. Recommendations: For versions prior to 2.1.0,...
modoboa security vulnerability
modoboa is an email hosting and management platform for individual developers. A security vulnerability exists in modoboa versions prior to 2.1.0, which can be exploited to bypass a strong password policy by removing specific parameters and setting the password to 1...
CVE-2023-0949 Cross-site Scripting (XSS) - Reflected in modoboa/modoboa
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5...
modoboa security vulnerability
modoboa is an email hosting and management platform for individual developers. A security vulnerability exists in versions prior to modoboa 2.0.4. An attacker can bypass authentication by exploiting the vulnerability...
PT-2023-16520 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.0.4 Description: The issue is related to an Authentication Bypass by Primary Weakness. There is no information provided about the estimated number of potentially affected devices worldwide or real-world...
GHSA-VC42-MGR2-W34R Modoboa is vulnerable to an XML External Entity Injection (XXE)
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...