header-logo
Suggest Exploit
vendor:
Merak Mail Server
by:
7.5
CVSS
HIGH
Multiple vulnerabilities
CWE
Product Name: Merak Mail Server
Affected Version From: Prior to 7.5.2
Affected Version To: 7.5.2001
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Vulnerabilities in Merak Mail Server Webmail Package

The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities including multiple cross-site scripting vulnerabilities, an HTML injection vulnerability, a PHP source code disclosure vulnerability, and an SQL injection vulnerability. These vulnerabilities allow attackers to execute arbitrary code, disclose sensitive information, and perform various attacks on the affected system.

Mitigation:

Update to version 7.5.2 or later to mitigate these vulnerabilities. Apply patches if available. Regularly monitor for security advisories from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10966/info
 
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
 
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
 
These vulnerabilities are reported to exist in versions prior to 7.5.2.

/settings.html?autoresponder=1&id=[id]&spage=">[XSS]
/settings.html?autoresponder=">[XSS]&id=[id]&spage=0

Navigation

Suggest Exploit

Services By CQR