Summary
The host is running Hastymail2 and is prone to remote code injection vulnerabilities.
Impact
Successful exploitation will allow remote attackers to inject and execute arbitrary malicious code with the privileges of the user running the application.
Impact Level: Application/System
Solution
Upgrade to Hastymail2 version 2.1.1 RC2 or later,
For updates refer to http://www.hastymail.org/downloads/
Insight
The flaw is due to improper validation of user-supplied input via the 'rs' and 'rsargs[]' parameters to index.php (when 'page' is set to 'mailbox' and 'mailbox' is set to 'Drafts'), which allows attackers to execute arbitrary code in the context of an affected site.
Affected
Hastymail2 version 2.1.1
References
Severity
Classification
-
CVE CVE-2011-4542 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat Windows Installer Privilege Escalation Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- 4Images <= 1.7.1 Directory Traversal Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities