Vulnerability Description
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deerfield | Visnetic Mail Server | 8.3.0_build1 |
| Icewarp | Web Mail | 5.5.1 |
| Merak | Mail Server | 8.3.0r |
References
- http://marc.info/?l=full-disclosure&m=113570229524828&w=2
- http://secunia.com/advisories/17046ExploitPatchVendor Advisory
- http://secunia.com/advisories/17865
- http://secunia.com/secunia_research/2005-62/advisory/ExploitVendor Advisory
- http://securitytracker.com/id?1015412
- http://www.osvdb.org/22077
- http://www.osvdb.org/22078
- http://www.securityfocus.com/archive/1/420255/100/0/threaded
- http://www.securityfocus.com/bid/16069Exploit
- http://marc.info/?l=full-disclosure&m=113570229524828&w=2
- http://secunia.com/advisories/17046ExploitPatchVendor Advisory
- http://secunia.com/advisories/17865
- http://secunia.com/secunia_research/2005-62/advisory/ExploitVendor Advisory
- http://securitytracker.com/id?1015412
- http://www.osvdb.org/22077
FAQ
What is CVE-2005-4556?
CVE-2005-4556 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote att...
How severe is CVE-2005-4556?
CVE-2005-4556 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4556?
Check the references section above for vendor advisories and patch information. Affected products include: Deerfield Visnetic Mail Server, Icewarp Web Mail, Merak Mail Server.