Vulnerabilities > CVE-2002-0490 - Unspecified vulnerability in Instant web Mail Instant web Mail
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |