Description
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Tan Chew Keong · textwebappsjsp
https://www.exploit-db.com/exploits/28609
References (5)
Core 5
Core References
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20109
Exploit, Patch x_refsource_misc
http://vuln.sg/neonmail506-en.html
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22029
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29089
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/84203
Scores
EPSS
0.0866
EPSS Percentile
92.5%
Details
Status
published
Products (2)
neosys/neon_webmail
5.06
neosys/neon_webmail
5.07
Published
Sep 23, 2006
Tracked Since
Feb 18, 2026