CVE-2006-4954

Name of the Vulnerable Software and Affected Versions Neon WebMail for Java versions prior to 5.08

Description The issue allows remote attackers to modify information of arbitrary users due to the lack of validation of the in id parameter in the updateuser servlet. This can lead to various malicious actions, including modifying passwords and permissions, viewing profile settings, and creating or deleting users.

Recommendations For versions prior to 5.08, update to version 5.08 or later to resolve the issue. As a temporary workaround, consider restricting access to the updateuser servlet to minimize the risk of exploitation. Avoid using the in id parameter in the affected servlet until the issue is resolved.