Directorytree · Imapengine · CVE-2026-2469
**Name of the Vulnerable Software and Affected Versions**
directorytree/imapengine versions prior to 1.22.3
**Description**
The software contains a flaw due to improper handling of user-supplied data before it is used in IMAP ID commands within the `ImapConnection.php` file. Specifically, the `id()` function does not adequately escape user input, which can lead to the injection of special characters like quote characters (`"`) or CRLF sequences (`\r\n`). Successful exploitation could allow an attacker to read or delete a victim's emails, terminate the victim's session, or execute arbitrary valid IMAP commands on the victim's mailbox.
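The following added example is not imapengine's code or its patch. It contrasts an unescaped ID command builder with one that applies RFC 3501 quoted-string rules: escape `\` and `"`, and refuse CR, LF and NUL. The function names `buildIdNaive`, `imapQuote` and `buildIdSafe`, the tags and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical naive builder (not imapengine's code): values are wrapped in
// quotes without escaping, the class of flaw the description refers to.
function buildIdNaive(string $tag, array $fields): string
{
    $parts = [];
    foreach ($fields as $name => $value) {
        $parts[] = '"' . $name . '" "' . $value . '"';
    }
    return $tag . ' ID (' . implode(' ', $parts) . ")\r\n";
}

// RFC 3501 quoted string: CR, LF and NUL may never appear inside it, and
// backslash and double quote must be backslash-escaped.
function imapQuote(string $s): string
{
    if (preg_match('/[\r\n\x00]/', $s) === 1) {
        throw new InvalidArgumentException('CR, LF or NUL not allowed in IMAP quoted string');
    }
    return '"' . strtr($s, ['\\' => '\\\\', '"' => '\\"']) . '"';
}

function buildIdSafe(string $tag, array $fields): string
{
    $parts = [];
    foreach ($fields as $name => $value) {
        $parts[] = imapQuote((string) $name) . ' ' . imapQuote((string) $value);
    }
    return $tag . ' ID (' . implode(' ', $parts) . ")\r\n";
}

// Constructed sample inputs: one value with embedded quotes, one with CRLF.
$quoted = ['name' => 'my "mail" app'];
$split  = ['name' => "client\r\nA002 NOOP"];

// Number of CRLF-terminated lines the naive builder emits for one ID command.
echo 'naive lines: ', substr_count(buildIdNaive('A001', $split), "\r\n"), PHP_EOL;

// Quotes are escaped in place, so the value stays a single quoted string.
echo 'safe: ', rtrim(buildIdSafe('A001', $quoted)), PHP_EOL;

// Line breaks are refused before anything is written to the socket.
try {
    buildIdSafe('A001', $split);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The same check is useful in code review: any IMAP command assembled by string concatenation should pass every caller-controlled value through an encoder of this kind.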
**Recommendations**
Update to version 1.22.3 or later.