MailFile mailfile.cgi Arbitrary File Disclosure

2000-10-11T00:00:00
ID OSVDB:1614
Type osvdb
Reporter OSVDB
Modified 2000-10-11T00:00:00

Description

Vulnerability Description

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Short Description

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

References:

ISS X-Force ID: 5358 CVE-2000-0977 Bugtraq ID: 1807