CVE-2007-6018 — Improper Input Validation in Framework
Severity
5.8MEDIUMNVD
EPSS
1.4%
top 19.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 11
Latest updateMay 1
Description
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.
CVSS vector
AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9