CVE-2006-4953

Name of the Vulnerable Software and Affected Versions Neon WebMail for Java versions prior to 5.08

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the addrlist and maillist servlets. Specifically, the vulnerabilities are found in the adr sortkey and adr sortkey desc parameters of the addrlist servlet, and the sortkey and sortkey desc parameters of the maillist servlet.

Recommendations For versions prior to 5.08, update to version 5.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the addrlist and maillist servlets to minimize the risk of exploitation. Avoid using the adr sortkey, adr sortkey desc, sortkey, and sortkey desc parameters in the affected servlets until the issue is resolved.