CVE-2018-18703

Name of the Vulnerable Software and Affected Versions PhpTpoint Mailing Server Using File Handling version 1.0

Description The issue allows an attacker to read sensitive files on the system via directory traversal, bypassing the login page. This can be achieved by exploiting the Mailserver filesystem/home.php endpoint, specifically through the coninb, consent, contrsh, condrft, or conspam parameters.

Recommendations For PhpTpoint Mailing Server Using File Handling version 1.0, as a temporary workaround, consider restricting access to the Mailserver filesystem/home.php endpoint to minimize the risk of exploitation. Avoid using the coninb, consent, contrsh, condrft, or conspam parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.