Описание
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
Ссылки
- Patch
- US Government Resource
- Patch
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 1.04 (включая)
cpe:2.3:a:atmail:atmail_open:*:*:open-source:*:*:*:*:*
EPSS
Процентиль: 83%
0.01904
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-94
Связанные уязвимости
debian
почти 14 лет назад
CRLF injection vulnerability in mime.php in @Mail WebMail Client in At ...
github
больше 3 лет назад
CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter.
EPSS
Процентиль: 83%
0.01904
Низкий
6.4 Medium
CVSS2
Дефекты
CWE-94