CVE-2005-4556 Information

Feb 14, 2021 cve

Description

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1 as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1 when register_globals is enabled allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.

Reference

http://marc.info/?l=full-disclosure&m=113570229524828&w=2 http://secunia.com/advisories/17046 http://secunia.com/advisories/17865 http://secunia.com/secunia_research/2005-62/advisory/ http://securitytracker.com/id?1015412 http://www.osvdb.org/22077 http://www.osvdb.org/22078 http://www.securityfocus.com/archive/1/420255/100/0/threaded http://www.securityfocus.com/bid/16069

Share on: