Instant Web Mail » Instant Web Mail : Security Vulnerabilities, CVEs,
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
Max CVSS
10.0
EPSS Score
0.71%
Published
2002-08-12
Updated
2008-09-05
1 vulnerabilities found