CVE-2008-0140

Name of the Vulnerable Software and Affected Versions Uebimiau Webmail versions 2.7.2 through 2.7.10

Description A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the selected theme parameter.

Recommendations For versions 2.7.2 through 2.7.10, consider restricting access to the error.php file or the selected theme parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the selected theme parameter with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.