Directory traversal

2012-03-2719:55:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.6%

JSON

Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a … (dot dot) in the Attachment[] parameter.

CPENameOperatorVersion
atmail_openle1.04

CPE	Name	Operator	Version
	atmail_open	le	1.04

References

atmail.org/download/atmailopen.tgz

en.securitylab.ru/lab/PT-2011-48

secunia.com/advisories/47012

www.kb.cert.org/vuls/id/743555

exchange.xforce.ibmcloud.com/vulnerabilities/74504