CVE-2005-4558

EXPLOITED

IceWarp Web Mail <5.5.1 - Code Injection

Title source: llm

Exploitation Summary

CVE-2005-4558 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Tan Chew Keong.

AI-analyzed exploit summary: The provided text describes an input-validation vulnerability in IceWarp Universal WebMail, which can lead to arbitrary file inclusion and execution of malicious PHP code. It also mentions that the issue affects Merak Mail Server and VisNetic MailServer.

Description

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Tan Chew Keong · text · webapps · php
https://www.exploit-db.com/exploits/26982

The provided text describes an input-validation vulnerability in IceWarp Universal WebMail, which can lead to arbitrary file inclusion and execution of malicious PHP code. It also mentions that the issue affects Merak Mail Server and VisNetic MailServer.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: IceWarp Universal WebMail, Merak Mail Server 8.3.0.r, VisNetic MailServer 8.3.0 build 1
No auth needed
Prerequisites: Access to the vulnerable web interface
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Tan Chew Keong · text · webapps · php
https://www.exploit-db.com/exploits/26983

This exploit demonstrates a file inclusion vulnerability in IceWarp Universal WebMail, allowing an attacker to include arbitrary local or remote files containing malicious PHP code. The vulnerability is triggered via the 'lang_settings' parameter in the URL.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: IceWarp Universal WebMail (integrated in Merak Mail Server 8.3.0.r and VisNetic MailServer 8.3.0 build 1)
No auth needed
Prerequisites: Access to the target web interface · Ability to craft a malicious URL
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23904
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17865
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16069
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17046
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015412
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=113570229524828&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/22081
Exploit, Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2005-62/advisory/
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/420255/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/22080

Scores

EPSS: 0.0833
EPSS Percentile: 94.2%

Details

VulnCheck KEV: 2005-12-27
Status: published
Products (3):
- deerfield/visnetic_mail_server 8.3.0_build1
- icewarp/web_mail 5.5.1
- merak/mail_server 8.3.0r
Published: Dec 28, 2005
Tracked Since: Feb 18, 2026