W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in the attachments directory does not properly restrict the types of files that can be uploaded as attachments, which allows remote attackers to execute arbitrary code by sending code in MIME attachments, then requesting the attachments.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-10-26T19:00:00Z
Updated: 2024-09-17T00:42:18.674Z
Reserved: 2007-10-26T00:00:00Z
Link: CVE-2002-2331
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-12-31T05:00:00.000
Modified: 2024-11-20T23:43:25.697
Link: CVE-2002-2331
Redhat
No data.