Описание
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
Комментарий
Per: http://www.kb.cert.org/vuls/id/743555 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Ссылки
- Patch
- US Government Resource
- Patch
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.04 (включая)
cpe:2.3:a:atmail:atmail_open:*:*:open-source:*:*:*:*:*
EPSS
Процентиль: 85%
0.0241
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 14 лет назад
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...
github
больше 3 лет назад
@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.
EPSS
Процентиль: 85%
0.0241
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other