CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and previous versions prior to 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name. NOTE: the attack crosses privilege boundaries if the IMAP server configuration prevents a user from establishing a direct IMAP session.
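
The mitigation for this class of bug is to validate and quote the mailbox name before it is placed on the IMAP command line. The PHP below is an added example, not code from Hastymail or its patch; the function names `imap_quote_mailbox` and `imap_select_command` are hypothetical, the sample names are constructed, and it assumes mailbox names arrive already encoded in modified UTF-7 (printable 7-bit ASCII).

```php
<?php
// Added illustration; not Hastymail's code. Function names are hypothetical.

/**
 * Encode a user-supplied mailbox name as an IMAP quoted string (RFC 3501).
 * Returns null when the name contains bytes a quoted string cannot carry.
 */
function imap_quote_mailbox(string $name): ?string
{
    // CR, LF and NUL can never appear inside a quoted string. Other control
    // bytes and 8-bit bytes are refused as well, on the assumption that the
    // name is already modified UTF-7. An empty name is refused as meaningless.
    if ($name === '' || preg_match('/[^\x20-\x7e]/', $name)) {
        return null;
    }
    // Backslash and double quote are the two quoted-specials. Escape the
    // backslash first so the escapes added for quotes are not doubled.
    $escaped = str_replace(['\\', '"'], ['\\\\', '\\"'], $name);
    return '"' . $escaped . '"';
}

/** Build a tagged SELECT command, or throw if the mailbox name is unsafe. */
function imap_select_command(string $tag, string $mailbox): string
{
    $quoted = imap_quote_mailbox($mailbox);
    if ($quoted === null) {
        throw new InvalidArgumentException('mailbox name contains forbidden bytes');
    }
    // The only CRLF on the wire is the terminator the client adds itself.
    return sprintf("%s SELECT %s\r\n", $tag, $quoted);
}

// Constructed sample inputs: a plain name, a name with quotes, and a name
// carrying an embedded CRLF followed by a harmless second command.
$samples = ['INBOX', 'Work "2006"', "INBOX\r\nA999 NOOP"];
foreach ($samples as $i => $name) {
    try {
        $cmd = imap_select_command(sprintf('A%03d', $i + 1), $name);
        echo 'sent:     ', json_encode($cmd), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($name), "\n";
    }
}
```

The same check belongs on every command that takes a mailbox argument, not only SELECT.
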
Vulnerable Product |
---|
hastymail hastymail |
hastymail hastymail 1.0.1 |
hastymail hastymail 1.0.2 |
hastymail hastymail 1.1 |
hastymail hastymail 1.2 |