Aggregates CVE and security vulnerability intelligence across all v-webmail-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk sql injection and vendor risk path handling, with potential vendor impact file overwrite and vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-3061 | Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the to parameter. | [email protected] | 4.3 | 0.26% | 2008-10-08 | 2026-04-23 |
| CVE-2008-3063 | SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter. | [email protected] | 7.5 | 0.33% | 2008-10-08 | 2026-04-23 |
| CVE-2008-3060 | V-webmail 1.5.0 allows remote attackers to obtain sensitive information via (1) malformed input in the login page (includes/local.hooks.php) and (2) an invalid session ID, which reveals the installation path in an error message. | [email protected] | 5.0 | 0.29% | 2008-10-08 | 2026-04-23 |
| CVE-2006-2666 | PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | [email protected] | 7.5 | 15.15% | 2006-05-30 | 2026-04-16 |
| CVE-2006-2665 | PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | [email protected] | 7.5 | 10.35% | 2006-05-30 | 2026-04-16 |
| CVE-2006-0794 | help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 5.0 | 0.36% | 2006-02-19 | 2026-04-16 |
| CVE-2006-0793 | frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 5.0 | 0.50% | 2006-02-19 | 2026-04-16 |
| CVE-2006-0792 | Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 0.51% | 2006-02-19 | 2026-04-16 |