VYPR
Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Jun 16, 2026

CVE-2002-0490

CVE-2002-0490

Description

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Affected products

6
  • cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*
    • cpe:2.3:a:instant_web_mail:instant_web_mail:0.56:*:*:*:*:*:*:*
    • cpe:2.3:a:instant_web_mail:instant_web_mail:0.57:*:*:*:*:*:*:*
    • cpe:2.3:a:instant_web_mail:instant_web_mail:0.58:*:*:*:*:*:*:*
    • cpe:2.3:a:instant_web_mail:instant_web_mail:0.59:*:*:*:*:*:*:*
  • Range: <0.60

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.