CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.7%
The Webmail plus module is a full-featured email client for Drupal. It’s designed to provide email for any or all members of a Drupal site.
The module doesn’t sufficiently sanitize user input as it is used in a database query.
CVE: CVE-2012-5590
Drupal core is not affected. If you do not use the contributed Webmail Plus module, there is nothing you need to do.
Uninstall the module:
Also see the Webmail Plus project page.