N/A

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators.

N/A

N/A

HiveMail多个远程安全漏洞

HiveMail是一种流行的WebMail系统。 HiveMail的实现上存在多个输入验证漏洞，远程攻击者可能利用这些漏洞在服务器上执行多种攻击，比如任意PHP代码执行、SQL注入、获取敏感信息等。HiveMail的多个脚本对参数没有做充分的检查过滤，攻击者可以直接在参数数据中插入PHP代码、SQL语句、JavsScript代码等进行攻击。

N/A

N/A