PT-2005-3958 · Merak · Merak Mail Server
Shineshadow · Published 2005-10-04 · Updated 2016-10-18 · CVE-2005-3133
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
MERAK Mail Server versions 8.2.4r and possibly earlier versions
Description
The issue allows remote attackers to delete arbitrary files or directories via a relative path in the id parameter to "logout.html", or to include arbitrary PHP files or other files via the helpid parameter to "help.html".
Recommendations
For MERAK Mail Server version 8.2.4r, restrict access to the "logout.html" and "help.html" endpoints to minimize the risk of exploitation.
As a temporary workaround, consider disabling the id and helpid parameters in the affected endpoints until a patch is available.
Avoid using the id parameter in the "logout.html" endpoint and the helpid parameter in the "help.html" endpoint until the issue is resolved.
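A defender-side check for the two parameters named above, as an added example that is not part of the original advisory: it scans web access log lines for requests to "logout.html" or "help.html" whose id or helpid value decodes to a path. The combined log format, the /mail/ prefix, the sample lines and the assumption that legitimate values contain no path separators are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint -> parameter named in the advisory.
WATCHED = {"logout.html": "id", "help.html": "helpid"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical /mail/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2005:10:15:01 +0000] "GET /mail/logout.html?id=4f2a9c HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Oct/2005:10:15:02 +0000] "GET /mail/logout.html?id=..%2F..%2Fexample-dir HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Oct/2005:10:15:03 +0000] "GET /mail/help.html?helpid=%252e%252e%252fexample.php HTTP/1.1" 200 900',
    '192.0.2.10 - - [04/Oct/2005:10:15:04 +0000] "GET /mail/help.html?helpid=intro HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=3):
    """Peel nested percent-encoding and normalise backslashes to '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def looks_like_path(value):
    """Assumption: legitimate id/helpid values never contain separators or '..'."""
    return "/" in value or value == ".." or "\x00" in value

def suspicious_requests(log_lines):
    """Return (line_number, endpoint, param, decoded_value) for flagged requests."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        endpoint = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(endpoint)
        if param is None:
            continue
        # parse_qs decodes once; fully_decode catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
            value = fully_decode(raw)
            if looks_like_path(value):
                hits.append((n, endpoint, param, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values passed in the query string.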
Affected products
Merak Mail Server