Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026

CVE-2002-0490

Description

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Affected products

Instant Web Mail/Instant Web Mail5 versions
cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.55:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.56:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.57:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.58:*:*:*:*:*:*:*
- cpe:2.3:a:instant_web_mail:instant_web_mail:0.59:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.iss.net/security_center/static/8650.phpnvdPatchVendor Advisory
www.securityfocus.com/bid/4361nvdPatchVendor Advisory
www.securityfocus.com/archive/1/264041nvdVendor Advisory
instantwebmail.sourceforge.netnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000