IlohaMail index.php session Parameter Arbitrary File Access
The target is running at least one instance of IlohaMail version 0.7.11 or earlier. Such versions contain a flaw in the processing of the session variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user, provided the filesystem backend is in use...