PT-2006-6035 · Hastymail · Hastymail

Published 2006-10-17 · Updated 2018-10-17 · CVE-2006-5313

CVSS v2.0 6.5 Medium

Vector AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Hastymail versions 1.5 and earlier before 20061008

Description

The issue allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp message parameter. This crosses privilege boundaries if the SMTP server configuration prevents a user from establishing a direct SMTP session.

Recommendations

For Hastymail versions 1.5 and earlier before 20061008, avoid using the smtp message parameter in a way that could allow arbitrary SMTP commands to be sent, until a fix is available. As a temporary workaround, consider restricting access to the SMTP functionality to minimize the risk of exploitation.
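The CRLF.CRLF sequence named in the description is the SMTP end-of-data marker, so user text that reaches the DATA phase unescaped can close the message early. The following is an added example, not Hastymail's code (which this page does not show): it contrasts an unescaped payload with one that is line-ending-normalised and dot-stuffed per RFC 5321 section 4.5.2. All function names and the sample message are constructed for illustration.

```python
import re

# Matches an existing CRLF pair, a bare CR, or a bare LF.
_ANY_NEWLINE = re.compile(r"\r\n|\r|\n")

# Constructed sample: user-supplied text containing a line with a lone dot.
SAMPLE = "Hi\r\n.\r\nNOOP\r\n"


def naive_data_payload(message: str) -> bytes:
    """Unescaped form: user text followed by the end-of-data marker."""
    return message.encode("utf-8") + b"\r\n.\r\n"


def prepare_data_payload(message: str) -> bytes:
    """Encode message for the SMTP DATA phase so it cannot end DATA early.

    1. Normalise every line ending to CRLF so a bare CR or LF is never
       left for the server to interpret on its own.
    2. Dot-stuff: prefix each line that starts with '.' with another '.'
       (RFC 5321 section 4.5.2).
    3. Append the single legitimate terminator.
    """
    lines = _ANY_NEWLINE.split(message)
    stuffed = ["." + line if line.startswith(".") else line for line in lines]
    body = "\r\n".join(stuffed)
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body.encode("utf-8") + b".\r\n"


def count_data_terminators(wire: bytes) -> int:
    """Count lines consisting only of '.', as a receiving server would."""
    # Prepend CRLF so a lone dot on the very first line is also counted.
    return len(re.findall(rb"(?<=\r\n)\.\r\n", b"\r\n" + wire))


if __name__ == "__main__":
    for build in (naive_data_payload, prepare_data_payload):
        wire = build(SAMPLE)
        print(build.__name__, count_data_terminators(wire), wire)
```

A terminator count above one on outbound DATA payloads is also a usable check in tests or in a filtering proxy placed in front of the SMTP server.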

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2006-5313

Affected Products

Hastymail