CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.123

EPSS Ranking 93.5%

CVSS Severity

CVSS v2 Score 6.5

References

http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/
http://securitytracker.com/id?1015412
http://www.osvdb.org/22080
http://www.osvdb.org/22081
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069
https://exchange.xforce.ibmcloud.com/vulnerabilities/23904
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
http://secunia.com/advisories/17046
http://secunia.com/advisories/17865
http://secunia.com/secunia_research/2005-62/advisory/
http://securitytracker.com/id?1015412
http://www.osvdb.org/22080
http://www.osvdb.org/22081
http://www.securityfocus.com/archive/1/420255/100/0/threaded
http://www.securityfocus.com/bid/16069
https://exchange.xforce.ibmcloud.com/vulnerabilities/23904

Products affected by CVE-2005-4558

Deerfield » Visnetic Mail Server » Version: 8.3.0_build1

cpe:2.3:a:deerfield:visnetic_mail_server:8.3.0_build1
Icewarp » Web Mail » Version: 5.5.1

cpe:2.3:a:icewarp:web_mail:5.5.1
Merak » Mail Server » Version: 8.3.0r

cpe:2.3:a:merak:mail_server:8.3.0r

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-4558

Products

Pricing

Contact Us