Dada Mail < 4.0.2 List Membership Requirement Bypass

High

Synopsis

The remote web server is hosting an application that is affected by a security bypass vulnerability.

Description

The remote web server is hosting Dada Mail, a web-based mailing list application. The installed version is earlier than 4.0.2. Such versions, when using the 'Dada Bridge' plugin, are potentially affected by a security bypass vulnerability because the application does not verify that the sender of an email is a member of a list. An attacker could exploit this flaw to spam the email list.

Solution

Upgrade to Dada Mail 4.0.2 or later.