VYPR
Unrated severityNVD Advisory· Published Jul 17, 2007· Updated Jun 16, 2026

CVE-2007-3796

CVE-2007-3796

Description

The password reset feature in the Spam Quarantine HTTP interface for MailMarshal SMTP 6.2.0.x before 6.2.1 allows remote attackers to modify arbitrary account information via a UserId variable with a large amount of trailing whitespace followed by a malicious value, which triggers SQL buffer truncation due to length inconsistencies between variables.

Affected products

1
  • cpe:2.3:a:mailmarshal:mailmarshal_smtp:*:*:*:*:*:*:*:*
    Range: <=6.2.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.