Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2001-09-12T04:00:00

Updated: 2024-08-01T16:55:29.477Z

Reserved: 2001-08-31T00:00:00

Link: CVE-1999-1051

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 1999-11-16T05:00:00.000

Modified: 2008-09-05T20:18:36.447

Link: CVE-1999-1051

cve-icon Redhat

No data.