9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.13 Low
EPSS
Percentile
95.4%
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x
before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions,
and when used in applications that accept user-controlled input for the
mailbox argument to the imap_open function, allow remote attackers to
obtain access to an IMAP stream data structure and conduct unauthorized
IMAP actions.