Description
The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Security Bugware · textwebappscgi
https://www.exploit-db.com/exploits/21617
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://www.securitybugware.org/Other/5537.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9615.php
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5238
Scores
EPSS
0.0038
EPSS Percentile
59.5%
Details
Status
published
Products (9)
imho/imho_webmail
0.96
imho/imho_webmail
0.96.1
imho/imho_webmail
0.96.2
imho/imho_webmail
0.96.3
imho/imho_webmail
0.97
imho/imho_webmail
0.97.1
imho/imho_webmail
0.98
imho/imho_webmail
0.98.2
imho/imho_webmail
0.98.3
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026