RSS   Vulnerabilities for 'Ccmail'   RSS

2008-04-22
 
CVE-2008-1904

CWE-287
 

 
Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the "admin area" via a modified this_cookie cookie.

 
2007-03-20
 
CVE-2007-1516

 

 
PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter.

 


Copyright 2019, cxsecurity.com

 

Back to Top