header-logo
Suggest Exploit
vendor:
DodosMail
by:
SecurityFocus
7.5
CVSS
HIGH
Local File Include
94
CWE
Product Name: DodosMail
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

DodosMail Local File Include Vulnerability

DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to obtain sensitive information that may aid in further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks. Additionally, applications should be designed to use the least privilege necessary.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30112/info

DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to obtain sensitive information that may aid in further attacks.

DodosMail 2.5 is vulnerable; other versions may also be affected. 

http://www.example.com/path/dodosmail.php?dodosmail_header_file=/../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR