PT-2010-1796 · Lm · Lm Starmail Paidmail

Int_Main

Published

2010-08-25

Updated

2017-09-19

CVE-2009-4993

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LM Starmail Paidmail version 2.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the page parameter in the home.php file.

Recommendations For LM Starmail Paidmail version 2.0, consider restricting access to the home.php file or validating and sanitizing the page parameter to prevent remote file inclusion attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2009-4993

Affected Products

Lm Starmail Paidmail

PT-2010-1796 · Lm · Lm Starmail Paidmail

CVE-2009-4993

Weakness Enumeration

Related Identifiers

Affected Products

References · 3