← CVECheck
HomeVulnerabilities

CVE-2002-0490 — HIGH severity vulnerability (Instant Web Mail before 0.60 does not properly filter CR/LF)

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

CVE IDCVE-2002-0490
SeverityHIGH
CVSS score10.0
CVSS vectorAV:N/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-Other
StatusModified
Published2002-08-12
Last modified2026-04-16
DescriptionInstant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →