CVE-2004-1129

Name of the Vulnerable Software and Affected Versions: CMailServer version 5.2

Description: The issue allows remote attackers to inject arbitrary SQL commands, potentially leading to the deletion of mail metadata or e-mail addresses of contacts. This is achieved via the indexOfMail parameter in multiple ASP files, including fdelmail.asp and addressc.asp.

Recommendations: For CMailServer version 5.2, consider restricting access to the indexOfMail parameter in the affected ASP files to minimize the risk of exploitation. As a temporary workaround, avoid using the indexOfMail parameter in the vulnerable API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.