Network Security Consulting Advisories Article
Hastymail 'rs' and 'rsargs' Parameters Remote Code Injection Vulnerabilities
Input Validation Error
Nov 23 2011 12:00AM
Jul 12 2012 04:30PM
Hastymail is prone to multiple remote code-injection vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to inject and execute arbitrary malicious code with the privileges of the user running the application.
Hastymail 2.1.1 is vulnerable; other versions may also be affected.
Proof of Concept and Security Exploits
An attacker can exploit this issue through a browser.
The following exploit code is available:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: email@example.com.
RCI Vulnerability in Hastymail (ver. 2.1.1)
Site Updated May 25, 2013
©2000-2013 Emagined Security
All Rights Reserved
Secure Web Programming