CVE-2004-2547

NetWin SurgeMail <2.0c - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2547. PoCs published by Donnie Werner.

AI-analyzed exploit summary: The provided text describes vulnerabilities in SurgeMail/WebMail, specifically path disclosure and cross-site scripting (XSS) due to insufficient input sanitization. It references affected versions and a generic example URL but lacks actual exploit code.

Description

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Donnie Werner · text · webapps · php
https://www.exploit-db.com/exploits/24176

Classification: Writeup 90%
Attack Type: XSS | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: SurgeMail <= 1.9, WebMail <= 3.1d
No auth needed
Prerequisites: Access to a vulnerable SurgeMail/WebMail instance
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
Exploit, Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/6745
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10483
Exploit, Patch mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11772

Scores

EPSS 0.0309
EPSS Percentile 86.0%

Details

Status published
Products (46)
netwin/surgemail 1.0c
netwin/surgemail 1.0d
netwin/surgemail 1.1a
netwin/surgemail 1.1b
netwin/surgemail 1.1c
netwin/surgemail 1.1d
netwin/surgemail 1.2a
netwin/surgemail 1.2b
netwin/surgemail 1.2c
netwin/surgemail 1.3a
... and 36 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026