- Description
- class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpxmail:phpxmail:0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4EC6236-839D-4424-9ED2-32A0F5DDA506"
},
{
"criteria": "cpe:2.3:a:phpxmail:phpxmail:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB30FF89-A7AC-49EA-9CEF-96B988AEB7F6"
}
],
"operator": "OR"
}
]
}
]