CVE-1999-1051

Name of the Vulnerable Software and Affected Versions FormHandler.cgi (affected versions not specified)

Description The issue concerns the default configuration of the Matt Wright FormHandler.cgi script, which allows arbitrary directories to be used for attachments. It only restricts access to the /etc/ directory, enabling remote attackers to read arbitrary files via the reply message attach attachment parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.