Hastymail IMAP SMTP命令注入漏洞

Hastymail IMAP是一款由PHP编写的IMAP协议实现客户端。 Hastymail IMAP不充分过滤用户提交的URI输入，远程攻击者可以利用漏洞执行其他SMTP命令。 由于对命令和信息缺少验证，可导致恶意用户注入任意IMAP/SMTP命令到邮件服务器，可导致绕过限制进行访问。 Hastymail Hastymail 1.5 Hastymail Hastymail 1.2 Hastymail Hastymail 1.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail 1.0.1 升级程序： Hastymail Hastymail 1.0.1 Hastymail hastymail_1.5_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d" target="_blank">http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d</a> iff Hastymail Hastymail 1.0.2 Hastymail hastymail_1.0.2_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.0.2_command_injection_fix" target="_blank">http://hastymail.sourceforge.net/hastymail_1.0.2_command_injection_fix</a> .diff Hastymail hastymail_1.5_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d" target="_blank">http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d</a> iff Hastymail Hastymail 1.1 Hastymail hastymail_1.5_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d" target="_blank">http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d</a> iff Hastymail Hastymail 1.2 Hastymail hastymail_1.5_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d" target="_blank">http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d</a> iff Hastymail Hastymail 1.5 Hastymail hastymail_1.5_command_injection_fix.diff <a href="http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d" target="_blank">http://hastymail.sourceforge.net/hastymail_1.5_command_injection_fix.d</a> iff