Security Advisory

CVE-2006-4954

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-09-23 10:00:00

Last updated 2024-08-07 19:32:22

Assigner mitre

State PUBLISHED

Description

The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.

← Browse all CVEs View on cve.org ↗