CVE-2008-0210

Name of the Vulnerable Software and Affected Versions Uebimiau Webmail versions 2.7.2 through 2.7.10

Description The issue allows remote attackers to bypass authentication by setting the sess[auth] parameter to 1 via HTTP requests, as the software does not protect authentication state variables. This can be used to conduct directory traversal attacks without authentication.

Recommendations For Uebimiau Webmail versions 2.7.2 through 2.7.10, avoid using the sess[auth] parameter in HTTP requests until the issue is resolved. As a temporary workaround, consider restricting access to sensitive areas of the webmail application to minimize the risk of exploitation.