PT-2000-1887 · Mailfile · Mailfile

Published

2000-12-19

Updated

2017-10-10

CVE-2000-0977

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions MailFile version 1.10

Description The issue allows remote attackers to read arbitrary files by specifying the target file name in the filename parameter in a POST request. This request is then sent by email to the address specified in the email parameter.

Recommendations For MailFile version 1.10, consider restricting access to the mailfile.cgi CGI program until a patch is available, or avoid using the filename parameter in the affected POST request to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0977

Affected Products

Mailfile

PT-2000-1887 · Mailfile · Mailfile

CVE-2000-0977

Related Identifiers

Affected Products

References · 5