CVE-2008-0210

Uebimiau Webmail 2.7.10 and 2.7.2 - Unauthenticated Authentication Bypass via sess[auth] Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0210. PoCs published by Eugene Minaev.

AI-analyzed exploit summary: This exploit leverages a combination of register_globals being enabled and insecure use of extract() on $_GET to bypass authentication and read arbitrary local files on the server. The PoC demonstrates how to manipulate the selected_theme parameter to traverse directories and read files.

Description

Uebimiau Webmail 2.7.10 and 2.7.2 do not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter setting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eugene Minaev · text · webapps · php
https://www.exploit-db.com/exploits/4846

Classification: Working PoC 90%
Attack Type: Auth Bypass | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Uebimiau Web-Mail (version not specified)
No auth needed
Prerequisites: register_globals enabled · PHP version >= 4.1
Analysis: devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27154
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4846

Scores

EPSS 0.0213
EPSS Percentile 79.5%

Details

CWE: CWE-287
Status: published
Products (2):
uebimiau/webmail 2.7.2
uebimiau/webmail 2.7.10
Published: Jan 10, 2008
Tracked Since: Feb 18, 2026