cbcvebase.
CVE-2007-6018
published 2008-01-11

CVE-2007-6018: IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which…

PriorityP428medium5.8CVSS 2.0
AVNACMAuNCPIPAN
EPSS
1.77%
75.4th percentile
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "purge" deleted emails via a crafted email message.

Affected

4 ranges
VendorProductVersion rangeFixed in
hordeframework
hordegroupware_webmail_edition
hordehorde
hordeimp

CVSS provenance

nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
vendor_redhat5.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.