2 matches found
CVE-2008-6873
CVE-2008-6873 concerns a SQL injection vulnerability in Active Web Mail 4.0 . The flaw allows remote attackers to manipulate the database via the TabOpenQuickTab1 parameter on three pages: popaccounts.aspx, addressbook.aspx, and emails.aspx. The affected component is the web application’s input h...
CVE-2008-5973
The CVE-2008-5973 entry describes an SQL injection vulnerability in Active Web Mail 4.0 (login.aspx) that allows an attacker to execute arbitrary SQL commands via the password parameter. Affected component: login form handling in Active Web Mail 4.0. Root cause: improper sanitization of input lea...