CVEDB API

Vulnerabilities

Vulnerable Software

Phlymail: Security Vulnerabilities

CVE-2006-4429

PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly

CVSS Score

7.5

EPSS Score

0.007

Published

2006-08-29

CVE-2006-4291

PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.

CVSS Score

5.1

EPSS Score

0.086

Published

2006-08-22

CVE-2005-4652

SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

CVSS Score

6.4

EPSS Score

0.005

Published

2005-12-31

CVE-2005-4666

Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.

CVSS Score

4.3

EPSS Score

0.006

Published

2005-12-31

CVE-2005-2606

Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.

CVSS Score

7.5

EPSS Score

0.006

Published

2005-08-17

Page 1

Vulnerabilities

Vulnerable Software

Phlymail: Security Vulnerabilities

Products

Pricing

Contact Us