CVE-2002-1581

Name of the Vulnerable Software and Affected Versions Mailreader.com versions 2.3.20 through 2.3.31

Description A directory traversal issue exists, allowing remote attackers to view arbitrary files. This is achieved by using .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.

Recommendations For versions 2.3.20 through 2.3.31, consider restricting access to the nph-mr.cgi script until a patch is available. As a temporary workaround, avoid using the configLanguage parameter with .. sequences and null bytes (%00) to minimize the risk of exploitation.