CVE-2006-0757

HiveMail <1.3 - Code Injection

Title source: llm

Description

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

Exploits (3)

exploitdb WORKING POC VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/27185

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/27184

View Code ZIP pw:eip

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1756

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html

[Various Sources] http://forum.hivemail.com/showthread.php?p=26745

[Vendor Advisory] http://www.gulftech.org/?node=research&article_id=00098-02102006

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24618

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16591

[Third Party Advisory] http://secunia.com/advisories/18807

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0527

Scores

EPSS 0.0788

EPSS Percentile 92.0%

Details

Status published

Products (10)

hivemail/hivemail 1.1

hivemail/hivemail 1.1.1

hivemail/hivemail 1.2

hivemail/hivemail 1.2.1_beta1

hivemail/hivemail 1.2.1_rc

hivemail/hivemail 1.2.2

hivemail/hivemail 1.2_sp1

hivemail/hivemail 1.3

hivemail/hivemail 1.3_beta1

hivemail/hivemail 1.3_rc1

Published Feb 18, 2006

Tracked Since Feb 18, 2026