Mailmarshal » Mailmarshal Smtp : Security Vulnerabilities, CVEs, Published In 2007
The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.
Max CVSS
7.6
EPSS Score
1.59%
Published
2007-07-17
Updated
2008-09-05
1 vulnerabilities found