ID CVE-2006-0757
Summary Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.
References
Vulnerable Configurations
  • cpe:2.3:a:hivemail:hivemail:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.2.1_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.2.1_rc:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.2_sp1:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.3_beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:hivemail:hivemail:1.3_rc1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16591
bugtraq 20060210 HiveMail <= 1.3 Multiple Vulnerabilities
misc
secunia 18807
vupen ADV-2006-0527
xf hivemail-multiple-file-include(24618)
Last major update 20-07-2017 - 01:30
Published 18-02-2006 - 02:02
Last modified 20-07-2017 - 01:30