Description
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 does not check the (1) safe_mode or (2) open_basedir settings. When used in applications that accept user-controlled input for the mailbox argument to the imap_open function, it allows remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.