PT-2007-4350 · Madirish · Madirish Webmail

Published

2007-06-06

Updated

2017-07-29

CVE-2007-3058

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Madirish Webmail version 2.0

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to specific API endpoints: "calendar.php", "compose.php", and "index.php".

Recommendations: For Madirish Webmail version 2.0, consider restricting access to the GLOBALS[basedir] parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the GLOBALS[basedir] parameter in the "calendar.php", "compose.php", and "index.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3058

Affected Products

Madirish Webmail

PT-2007-4350 · Madirish · Madirish Webmail

CVE-2007-3058

Related Identifiers

Affected Products

References · 6