PT-1999-1549 · Matt Wright · Formhandler.Cgi

Published

1999-11-16

Updated

2008-09-05

CVE-1999-1051

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions FormHandler.cgi (affected versions not specified)

Description The issue concerns the default configuration of the Matt Wright FormHandler.cgi script, which allows arbitrary directories to be used for attachments. It only restricts access to the /etc/ directory, enabling remote attackers to read arbitrary files via the reply message attach attachment parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1051

Affected Products

Formhandler.Cgi

PT-1999-1549 · Matt Wright · Formhandler.Cgi

CVE-1999-1051

Related Identifiers

Affected Products

References · 2