Vulnerabilities > CVE-2006-5262 - Unspecified vulnerability in Hastymail

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

hastymail

exploit available

NVD

Published: 2006-10-12

Updated: 2018-10-17

Summary

CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.

Vulnerable Configurations

Part	Description	Count
Application	Hastymail Hastymail Hastymail 1.0.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail 1.1 Hastymail Hastymail 1.2 Hastymail Hastymail *	5

Exploit-Db

description	Hastymail 1.x IMAP SMTP Command Injection Vulnerability. CVE-2006-5262. Webapps exploit for php platform
id	EDB-ID:28777
last seen	2016-02-03
modified	2006-10-10
published	2006-10-10
reporter	Vicente Aguilera Diaz
source	https://www.exploit-db.com/download/28777/
title	Hastymail 1.x IMAP SMTP Command Injection Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References