CVE-2004-1674

viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to 1 delete arbitrary files via the originalfolder parameter or 2 move arbitrary files via the messageid parameter...