Instant Web Mail: Security Vulnerabilities
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
CVSS Score
10.0
EPSS Score
0.023
Published
2002-08-12