CVE-2024-28441

Name of the Vulnerable Software and Affected Versions magicflue versions 7.0 and earlier

Description The issue allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the "mail/mailupdate.jsp" endpoint. This enables the attacker to potentially gain control over the system.

Recommendations For versions 7.0 and earlier, consider disabling access to the "mail/mailupdate.jsp" endpoint until a patch is available. Restricting the use of the messageid parameter in this endpoint can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.