CVE-2007-3620

2007-07-09T16:30:00
ID CVE-2007-3620
Type cve
Reporter cve@mitre.org
Modified 2012-10-31T02:39:00

Description

Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 and earlier might allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) prevlang and (2) super parameters to (a) php/login.php; the (3) charset parameter to (a) php/login.php, (b) php/internal-init.php, and (c) php/xlogin.php; the (4) lang parameter to (b) php/internal-init.php; and the (5) language parameter to (c) php/xlogin.php. Successful exploitation requires that "magic_quotes_gpc" is disabled.