Vulnerabilities > CVE-2006-5262 - Unspecified vulnerability in Hastymail
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | Hastymail 1.x IMAP SMTP Command Injection Vulnerability. CVE-2006-5262. Webapps exploit for php platform |
id | EDB-ID:28777 |
last seen | 2016-02-03 |
modified | 2006-10-10 |
published | 2006-10-10 |
reporter | Vicente Aguilera Diaz |
source | https://www.exploit-db.com/download/28777/ |
title | Hastymail 1.x IMAP SMTP Command Injection Vulnerability |