CVE-2008-0210

Uebimiau Webmail - Authentication Bypass

Title source: rule

Description

Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eugene Minaev · textwebappsphp
https://www.exploit-db.com/exploits/4846

References (2)

Scores

EPSS 0.0188
EPSS Percentile 82.9%

Classification

CWE
CWE-287
Status draft

Affected Products (2)

uebimiau/webmail
uebimiau/webmail

Timeline

Published Jan 10, 2008
Tracked Since Feb 18, 2026