CVE-2006-4952

Neon WebMail <5.08 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4952. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Neon WebMail versions 5.06 and 5.07, including SQL injection, directory traversal, and unauthorized access. It includes example URLs demonstrating potential exploitation vectors but lacks executable exploit code.

Description

The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tan Chew Keong · textwebappsjsp

https://www.exploit-db.com/exploits/28606

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Neon WebMail versions 5.06 and 5.07, including SQL injection, directory traversal, and unauthorized access. It includes example URLs demonstrating potential exploitation vectors but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Auth Bypass | Other

Complexity

Trivial

Reliability

Theoretical

Target: Neon WebMail 5.06, 5.07 (build.200607050)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK