CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.079

EPSS Ranking 91.6%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2006-0757

Hivemail » Hivemail » Version: 1.1

cpe:2.3:a:hivemail:hivemail:1.1
Hivemail » Hivemail » Version: 1.1.1

cpe:2.3:a:hivemail:hivemail:1.1.1
Hivemail » Hivemail » Version: 1.2

cpe:2.3:a:hivemail:hivemail:1.2
Hivemail » Hivemail » Version: 1.2.1_beta1

cpe:2.3:a:hivemail:hivemail:1.2.1_beta1
Hivemail » Hivemail » Version: 1.2.1_rc

cpe:2.3:a:hivemail:hivemail:1.2.1_rc
Hivemail » Hivemail » Version: 1.2.2

cpe:2.3:a:hivemail:hivemail:1.2.2
Hivemail » Hivemail » Version: 1.2_sp1

cpe:2.3:a:hivemail:hivemail:1.2_sp1
Hivemail » Hivemail » Version: 1.3

cpe:2.3:a:hivemail:hivemail:1.3
Hivemail » Hivemail » Version: 1.3_beta1

cpe:2.3:a:hivemail:hivemail:1.3_beta1
Hivemail » Hivemail » Version: 1.3_rc1

cpe:2.3:a:hivemail:hivemail:1.3_rc1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-0757

Products

Pricing

Contact Us