mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
7.1AI Score
0.005EPSS
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.
7.9AI Score
0.008EPSS