Arno Toll

**Name of the Vulnerable Software and Affected Versions** absofort aconon Mail 2007 Enterprise SQL version 11.7.0 absofort aconon Mail 2004 Enterprise SQL version 11.5.1 **Description** A directory traversal issue exists in the archiv.cgi component, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `template` parameter. **Recommendations** For absofort aconon Mail 2007 Enterprise SQL version 11.7.0, restrict access to the archiv.cgi component until a fix is available. For absofort aconon Mail 2004 Enterprise SQL version 11.5.1, avoid using the `template` parameter in the archiv.cgi component until the issue is resolved.