CVE-2005-0845

2005-03-2405:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.7%

JSON

Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a … (dot dot) in the attach_id parameter.

References

marc.info/?l=bugtraq&m=111159967417903&w=2

netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=

secunia.com/advisories/14658

www.security.org.sg/vuln/surgemail22g3.html