Afterlogic · Afterlogic Mailbee Webmail Pro · CVE-2008-0333
**Name of the Vulnerable Software and Affected Versions**
AfterLogic MailBee WebMail Pro version 4.1 for ASP.NET
**Description**
The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the download view attachment.aspx file. This is achieved by using a .. (dot dot) in the `temp filename` parameter of the vulnerable API endpoint "download view attachment.aspx".
**Recommendations**
For AfterLogic MailBee WebMail Pro version 4.1 for ASP.NET, consider restricting access to the `download view attachment.aspx` endpoint until a patch is available, and avoid using the `temp filename` parameter with unvalidated input to minimize the risk of exploitation.