Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026
CVE-2002-0490
CVE-2002-0490
Description
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
Affected products
6cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.56:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.57:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.58:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.59:*:*:*:*:*:*:*
- Range: <0.60
Patches
Vulnerability mechanics
References
4- www.iss.net/security_center/static/8650.phpnvdPatchVendor Advisory
- www.securityfocus.com/bid/4361nvdPatchVendor Advisory
- www.securityfocus.com/archive/1/264041nvdVendor Advisory
- instantwebmail.sourceforge.netnvd
News mentions
0No linked articles in our index yet.