CVE-2011-4542

Hastymail2 - SQL Injection

Description

Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby, webapps, php
https://www.exploit-db.com/exploits/19758

metasploit · WORKING POC · EXCELLENT
by Bruno Teixeira, juan vazquez · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/hastymail_exec.rb

Scores

EPSS 0.7336
EPSS Percentile 98.8%

Details

CWE CWE-89
Status published
Products (10)
hastymail/hastymail2 (12 CPE variants)
hastymail/hastymail2 1.0
hastymail/hastymail2 1.01
hastymail/hastymail2 1.1 rc1 (2 CPE variants)
hastymail/hastymail2 2.0 (7 CPE variants)
hastymail/hastymail2 2.0.1
hastymail/hastymail2 2.0.2
hastymail/hastymail2 2.0.3
hastymail/hastymail2 2.0.4
hastymail/hastymail2 2.0.5
Published Nov 30, 2011
Tracked Since Feb 18, 2026