PT-2000-1823 · Horde · Imp
Publicado
2000-12-19
·
Atualizado
2017-10-10
·
CVE-2000-0911
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IMP versions 2.2 and earlier
Description
The issue allows attackers to read and delete arbitrary files by modifying the
attachment name hidden form variable. This causes IMP to send the file to the attacker as an attachment.Recommendations
For versions 2.2 and earlier, consider restricting access to the attachment feature until a fix is available. As a temporary workaround, avoid using the
attachment name variable in affected forms to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Imp