Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

IlohaMail User Parameter Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for User Parameter vulnerability in IlohaMail

Detailed Explanation for this Vulnerability Test

The target is running at least one instance of IlohaMail version
0.8.10 or earlier. Such versions do not properly sanitize the 'user'
parameter, which could allow a remote attacker to execute arbitrary
code either on the target or in a victim's browser when a victim views
a specially crafted message with an embedded image as long as PHP's
magic quotes setting is turned off (it's on by default) and the MySQL
backend is in use.

For a discussion of this vulnerability, see :

http://sourceforge.net/mailarchive/forum.php?thread_id=3589704&forum_id=27701

***** Nessus has acertaind the vulnerability exists on the target
***** simply by looking at the version number of IlohaMail
***** installed there.

Solution : Upgrade to IlohaMail version 0.8.11 or later.

Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.