CVE-2007-3058

Name of the Vulnerable Software and Affected Versions: Madirish Webmail version 2.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to specific API endpoints: "calendar.php", "compose.php", and "index.php".

Recommendations: For Madirish Webmail version 2.0, consider restricting access to the GLOBALS[basedir] parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the GLOBALS[basedir] parameter in the "calendar.php", "compose.php", and "index.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.