MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the productβs file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.
[
{
"vendor": "MicroEngine Inc.",
"product": "MicroEngine Mailform",
"versions": [
{
"version": "version 1.1.0 to 1.1.8",
"status": "affected"
}
]
}
]