PT-2006-1764 · Neomail · Neomail

Published 2006-02-15 · Updated 2017-07-20 · CVE-2006-0711

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

NeoMail version 1.28

Description

The issue concerns the addfolder and deletefolder functions in neomail-prefs.pl, which fail to validate the Session ID. This allows remote attackers to add and delete arbitrary files when NeoMail is configured with homedirfolders and homedirspools disabled.

Recommendations

For NeoMail version 1.28, as a temporary workaround, consider disabling the addfolder and deletefolder functions until a patch is available. Restrict access to the neomail-prefs.pl script to minimize the risk of exploitation. Avoid using the Session ID parameter in the affected functions until the issue is resolved.

Fix


Related identifiers

CVE-2006-0711

Affected products

Neomail