Download Size md5 hash
basic_webmail-6.x-1.2.tar.gz 33.31 KB fc6dfc1021852318a22258781f4b61d0 35.45 KB a542e11dee473e232edc6c650432e078
Last updated: October 10, 2012 - 13:46

Release notes

Correct some security problems and some potential security problems reported in SA-CONTRIB-2012-154 - Basic webmail - Multiple vulnerabilities:

  • Not sufficiently sanitizing data when setting page title.
  • Storing login IDs and passwords in plain text in the data column of the users table, possibly including the users' Drupal site login ID and password.
  • Not sufficiently sanitizing data displayed from email messages.
  • Provideing a path to users who have the 'access basic_webmail' permission, and it allows them access to the all site's users' email addresses.
View change notices for this release
Official release from tag: